Lucene search
K

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 8:51 p.m.•23 views

Security Bulletin: IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH

Summary IBM Sterling B2B Integrator is affected by security vulnerability in OpenSSH Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity chec...

5.9CVSS6.8AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 8:50 p.m.•20 views

Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System [CVE-2023-48795]

Summary Redhat provided OpenSSH is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-48795 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9...

5.9CVSS6.8AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 8:46 p.m.•57 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2023-52881)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas fr...

5.5CVSS7.2AI score0.00227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 8:45 p.m.•28 views

Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data Vulnerable to Insufficient Session Expiration (CVE-2024-35160)

Summary IBM Db2 Big SQL on Cloud Pak for Data is affected by insufficient session expiration when handling authorizations. Vulnerability Details CVEID:CVE-2024-35160 DESCRIPTION: IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and...

6.5CVSS5.5AI score0.00352EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 8:43 p.m.•42 views

Security Bulletin: This Power System update is being released to address CVE-2024-41781

Summary An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore Vulnerability Details CVEID:CVE-2024-41781 DESCRIPTION: IBM PowerVM Platform KeyStore functionality can be compromised if an attacker gain...

5.9CVSS5AI score0.00343EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 12:25 p.m.•14 views

Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by IBM Security Verify Governance have multiple vulnerabilities

Summary IBM Security Verify Governance ISVG ships with IBM Db2 and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS6.6AI score0.00696EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 10:19 a.m.•18 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities

Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2021-37137 DESCRIPTION: Netty netty-codec is vulnerable to a deni...

9.1CVSS8.7AI score0.18891EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 6:16 a.m.•23 views

Security Bulletin: Vulnerabilities in Eclipse Jetty affect watsonx.data

Summary Eclipse Jetty is vulnerable to a denial of service attack and to disclosure of sensitive data attack. These affect watsonx.data. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the...

5.3CVSS8.8AI score0.0326EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 6:16 a.m.•20 views

Security Bulletin: Multiple security vulnerabilities were discovered in IBM Verify Identity Governance

Summary Multiple security vulnerabilities in IBM Java and IBM WebSphere Liberty have been addressed in the latest release of IBM Verify Identity Governance formerly known as IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server...

7.5CVSS8.4AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 5:31 a.m.•8 views

Security Bulletin: IBM Maximo Application Suite uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296.

Summary IBM Maximo Application Suite uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular...

7.5CVSS6.1AI score0.00932EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 5:31 a.m.•19 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses bcprov-jdk18on-1.71.jar, werkzeug-3.0.4-py3-none-any.whl and jetty-server-10.0.22.ja which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - IoT Component uses bcprov-jdk18on-1.71.jar, werkzeug-3.0.4-py3-none-any.whl and jetty-server-10.0.22.jar which is vulnerable to CVE-2024-30171, CVE-2023-33201, CVE-2023-33202, CVE-2024-29857, CVE-2024-30172, CVE-2024-8184, CVE-2024-6763, CVE-2024-49767,...

7.5CVSS7.9AI score0.011EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/06 5:30 a.m.•28 views

Security Bulletin: IBM Asset Data Dictionary uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Asset Data Dictionary uses...

9.2CVSS8AI score0.03278EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:50 p.m.•20 views

Security Bulletin: Vulnerability in Apache Kafka affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in Apache Kafka has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow...

6.5CVSS9AI score0.01129EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:50 p.m.•14 views

Security Bulletin: Vulnerability in OpenSSL affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential denial of service vulnerability in OpenSSL has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is...

7.5CVSS7.7AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:50 p.m.•11 views

Security Bulletin: Vulnerability in http-proxy-middleware affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in http-proxy-middleware has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION:...

7.5CVSS7.6AI score0.01009EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:47 p.m.•14 views

Security Bulletin: Vulnerability in OpenSSL affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in OpenSSL has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denia...

7.5CVSS7.7AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:46 p.m.•16 views

Security Bulletin: Vulnerability in Apache Commons IO affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in Apache Commons IO has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resour...

4.3CVSS5.3AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:44 p.m.•14 views

Security Bulletin: Vulnerability in DOMPurify affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in DOMPurify has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a...

7.3CVSS7.8AI score0.00844EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:35 p.m.•12 views

Security Bulletin: Vulnerability in GraphQL Java affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in GraphQL Java has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka...

5.3CVSS6.8AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:35 p.m.•8 views

Security Bulletin: Vulnerability in Rollup affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in Rollup has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47068 DESCRIPTION: Rollup is vulnerable to...

6.1CVSS6.8AI score0.007EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:35 p.m.•10 views

Security Bulletin: Vulnerability in Apache Commons IO affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in Apache Commons IO has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resour...

4.3CVSS5.3AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:35 p.m.•8 views

Security Bulletin: Vulnerability in Protocol Buffers affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in Protocol Buffers has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses...

8.7CVSS6.6AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:34 p.m.•12 views

Security Bulletin: Vulnerability in REXML affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in REXML has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-49761 DESCRIPTION: REXML is an XML toolkit for Ruby...

8.7CVSS6.5AI score0.01429EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:28 p.m.•14 views

Security Bulletin: Vulnerabilities in libexpat affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in libexpat has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45490 DESCRIPTION: libexpat could provide...

9.8CVSS8.2AI score0.01686EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:21 p.m.•11 views

Security Bulletin: Vulnerability in Apache Commons IO affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in Apache Commons IO has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO i...

4.3CVSS5.2AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:19 p.m.•10 views

Security Bulletin: Vulnerability in cURL libcurl affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in cURL libcurl has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerabl...

8.6CVSS8.5AI score0.36081EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:18 p.m.•9 views

Security Bulletin: Vulnerability in GNOME GLibl affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in GNOME GLib has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34397 DESCRIPTION: GNOME GLib could allow a...

5.2CVSS6.7AI score0.00756EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:17 p.m.•10 views

Security Bulletin: Vulnerability in source-map-support affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in all versions of the package source-map-suppor has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21540...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:6 p.m.•8 views

Security Bulletin: Vulnerability in Open Neural Network Exchange (ONNX) affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in Open Neural Network Exchange ONNX has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-5187 DESCRIPTION: Open...

8.8CVSS6.7AI score0.01168EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 8:5 p.m.•14 views

Security Bulletin: Vulnerability in Eclipse Vert.x toolkit affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in Eclipse Vert.x toolkit has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-1300 DESCRIPTION: A vulnerability...

5.4CVSS6.3AI score0.01055EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 5:1 p.m.•48 views

Security Bulletin: IBM Aspera Shares is vulnerable to multiple high severity vulnerabilities (CVE-2022-1586, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2019-20838, CVE-2022-2068, CVE-2022-1587)

Summary This Security Bulletin addresses multiple high severity OpenSSL security vulnerabilities that have been remediated in IBM Aspera Shares 1.10.0 PL4. Vulnerability Details CVEID:CVE-2022-1586 DESCRIPTION: PCRE2 could allow a remote attacker to execute arbitrary code on the system, caused by...

10CVSS9.7AI score0.95764EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 3:27 p.m.•13 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to improper input validation (CVE-2024-52901)

Summary A vulnerability in IBM InfoSphere Information Server due to improper input validation was addressed. Vulnerability Details CVEID:CVE-2024-52901 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to GUI to not load or stop working due to improper input...

6.5CVSS6.5AI score0.00522EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 3:24 p.m.•12 views

Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2024-51460)

Summary An information disclosure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-51460 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive information when a detailed technical error message is...

4.3CVSS5.7AI score0.00293EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 2:55 p.m.•13 views

Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in Netty has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous...

5.3CVSS5.3AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 2:52 p.m.•17 views

Security Bulletin: Vulnerability in MIT Kerberos 5 (aka krb5) affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in MIT Kerberos 5 aka krb5 has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT...

9.1CVSS7.4AI score0.01863EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 2:52 p.m.•10 views

Security Bulletin: Vulnerability in cURL libcurl affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in cURL libcurl has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerabl...

8.6CVSS8.5AI score0.36081EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 2:52 p.m.•8 views

Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in Netty has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous...

5.3CVSS5.3AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 2:48 p.m.•11 views

Security Bulletin: Vulnerabilities in GStreamer affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in GStreamer has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47538 DESCRIPTION: GStreamer is a library fo...

9.8CVSS9.9AI score0.01272EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 2:27 p.m.•13 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in Eclipse Jetty has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: Eclipse Jetty is...

6.5CVSS7.6AI score0.01037EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 2:27 p.m.•15 views

Security Bulletin: Vulnerability in http-proxy-middleware affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in http-proxy-middleware has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION:...

7.5CVSS7.6AI score0.01009EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 2:27 p.m.•15 views

Security Bulletin: Vulnerabilities in Java SE affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in Java SE has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21208 DESCRIPTION: Vulnerability in Java SE...

7.4CVSS6.6AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 9:48 a.m.•29 views

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538

Summary IBM Maximo Application Suite uses werkzeug-3.0.4-py3-none-any.whl, cookie-0.4.1.tgz and cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-49767, CVE-2024-49766, CVE-2024-47764 and CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture...

8.7CVSS6.8AI score0.01093EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 9:4 a.m.•12 views

Security Bulletin: IBM Instana Observability is vulnerable to Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

Summary A vulnerability that could cause unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip was remediated in IBM Observability with Instana Build 289 CVE-2024-24790. The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6...

9.8CVSS8.7AI score0.01952EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 6:4 a.m.•7 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues due to Java SDK (CVE-2022-40609)

Summary IBM B2B Advanced Communications has addressed vulnerabilities in Java SDK shipped with product. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an...

9.8CVSS7.8AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 5:44 a.m.•8 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server traditional is vulnerable to cross-site scripting

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer...

6.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 5:44 a.m.•4 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server traditional is vulnerable to a XML External Entity (XXE) injection vulnerability in the administrative console

Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Manageme...

7.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 5:18 a.m.•16 views

Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to Java SDK (CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597)

Summary IBM B2B Advanced Communications has addressed vulnerabilities in Java SDK shipped with product. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an...

9.1CVSS8.4AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 4:47 a.m.•9 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to GraphQL Java

Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty with the mpGraphQL-1.0 or mpGraphQL-2.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin:...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 4:43 a.m.•12 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Apache Derby: LDAP Injection Vulnerability In Authenticator

Summary A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware...

9.8CVSS7.9AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 3:29 a.m.•16 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management Core Framework.

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 Core Framework IF28 patch. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high...

7.4CVSS6.5AI score0.01257EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35665