Lucene search
K

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 1:4 a.m.•34 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Golang html package is vulnerable to cross-site scripting CVE-2023-3978. Golang Go is vulnerable to a denial of service CVE-2023-4528...

7.5CVSS8.4AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 12:58 a.m.•50 views

Security Bulletin: spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services (CVE-2024-22259)

Summary spring-web-5.3.30.jar may affect SPSS Collaboration and Deployment Services CVE-2024-22259 Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...

8.1CVSS6.2AI score0.03967EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 12:57 a.m.•50 views

Security Bulletin: Multiple security vulnerabilities have been identified in DB2 JDBC driver shipped with IBM Tivoli Business Service Manager

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib...

9.8CVSS9.3AI score0.02918EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/05 12:56 a.m.•41 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include an authenticated or local authenticated attacker could exploit these vulnerabilities to cause a kernel panic, to cause a denial of service condition as described by the CVEs in the...

7.8CVSS8.2AI score0.00256EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 9:20 p.m.•25 views

Security Bulletin: IBM Watson Query (Data Virtualization) on Cloud Pak for Data Vulnerable to Insufficient Session Expiration (CVE-2024-35160)

Summary IBM Watson Query, also known as Data Virtualization, is affected by insufficient session expiration when handling authorizations. Vulnerability Details CVEID:CVE-2024-35160 DESCRIPTION: IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3...

6.5CVSS5.6AI score0.00352EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 9:18 p.m.•24 views

Security Bulletin: IBM Security Guardium is affected by Kernel vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-26930 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by double free of the ha-vpmap pointer. By sending a specially crafted request, a local authenticated...

7.8CVSS8.9AI score0.00407EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 9:6 p.m.•17 views

Security Bulletin: Vulnerabilities in OpenPrinting affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerability in OpenPrinting has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. These vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-35235 DESCRIPTION: OpenPrinting CUPS coul...

9.8CVSS8.2AI score0.76959EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 9:6 p.m.•39 views

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2021-46939 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caus...

9.8CVSS9.4AI score0.01358EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 9:5 p.m.•54 views

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2020-26555 DESCRIPTION: Bluetooth Core and Mesh Specifications could allow a...

7CVSS8.8AI score0.00887EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 8:59 p.m.•32 views

Security Bulletin: Financial Transaction Manager for Digital Payments is impacted by multiple vulnerabilities in IBM Java SE

Summary Multiple vulnerabilities were addressed in Financial Transaction Manager 3.2.13 for Digital Payments, Corporate Payment Services and High Value Payments. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow...

7.5CVSS7.5AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 8:58 p.m.•17 views

Security Bulletin: TSSC/IMC is vulnerable to 6 unspecified vulnerabilities in Java SE

Summary TSSC/IMC is vulnerable to 6 unspecified vulnerabilities in Java SE. The latest code level has an upgrade to the relevant libaries to fix CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952 Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: A...

7.5CVSS7AI score0.00918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 8:57 p.m.•16 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2024-25062)

Summary libxml2 is used in the DataPower Gateway's DB2 connector. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing...

7.5CVSS7.7AI score0.01364EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 8:56 p.m.•29 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...

7.5CVSS6.9AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 8:55 p.m.•23 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...

7.5CVSS6.9AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 8:53 p.m.•44 views

Security Bulletin: Multiple vulnerabilities in Go affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in Go affect IBM Robotic Process Automation for Cloud Pak. This bulletin identifies fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an uncontrolled...

8.3CVSS8.7AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 8:52 p.m.•43 views

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI images are used by IBM Robotic Process Automation base containers. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...

9.8CVSS9.3AI score0.03969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 8:41 p.m.•54 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to...

8.1CVSS9.1AI score0.01947EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 8:11 p.m.•58 views

Security Bulletin: IBM Sterling B2B Integrator is Vulnerable to Remote Code Execution

Summary IBM Sterling B2B Integrator has addressed the remote code execution vulnerabilty Vulnerability Details CVEID:CVE-2024-31903 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition allow an attacker on the local network to execute arbitrary code on the system, caused by the deserializati...

8.8CVSS7.9AI score0.00968EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 7:34 p.m.•37 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.

Summary IBM Storage Protect Server, which uses IBM Db2, may be affected by multiple vulnerabilities that could result in denial of service or the loss of confidentiality, integrity, or availability. These vulnerabilities include CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308,...

9.8CVSS9.2AI score0.02918EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 7:33 p.m.•19 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerability in Golang Go (CVE-2023-45288).

Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to loss of availability of host system. This bulletin identifies the steps to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2...

7.5CVSS8.1AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 7:32 p.m.•55 views

Security Bulletin: There are multiple vulnerabilities that can affect IBM Storage Scale System that are now included

Summary There are multiple vulnerabilities, used by IBM Storage Scale System, which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2024-26643 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error related to page fault...

7.8CVSS9.6AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 7:31 p.m.•28 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js vulnerabilities [ CVE-2024-27982, CVE-2024-27983]

Summary Potential vulnerabilities in Node.js CVE-2024-27982, CVE-2024-27983 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-27982...

8.2CVSS7.3AI score0.87211EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 7:30 p.m.•28 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in pdfjs-dist

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of pdfjs-dist Vulnerability Details CVEID:CVE-2024-4367 DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This...

8.8CVSS7.2AI score0.72648EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:37 p.m.•46 views

Security Bulletin: IBM Sterling Control Center v6.2.1 and v6.3.1 is vulnerable with IBM Semeru Runtime Quarterly CPU - Apr 2023

Summary IBM Semeru Runtime Quarterly CPU - Apr 2023 - Includes OpenJDK April 2023 CPU plus CVE-2023-25193 and CVE-2023-2597 and affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle Graal...

9.1CVSS8.4AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:24 p.m.•25 views

Security Bulletin: vulnerability in Netty affects IBM Workload Scheduler.

Summary IBM Workload Scheduler is affected by a vulnerability in Netty that can cause denial of service CVE-2024-29025 Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance...

5.3CVSS6.3AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:15 p.m.•95 views

Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH and Linux. Vulnerabilities include, causing a denial-of-service condition, the elevation of privileges, remote execution of arbitrary code, HTTP header injection, HTML injection,...

9.8CVSS10AI score0.91969EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:15 p.m.•20 views

Security Bulletin: Multiple Vulnerabilities in Golang Affect IBM Cloud Pak System

Summary Vulnerabilities in Golang affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-24789 DESCRIPTION: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an...

9.8CVSS8.1AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:14 p.m.•52 views

Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol

Summary TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocold. A patch has been provided that updates the systemd library. CVE-2023-48795, CVE-2023-51385 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions,...

6.5CVSS7.8AI score0.9378EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:12 p.m.•45 views

Security Bulletin: Vulnerabilities in jackson-databind affect IBM watsonx.data

Summary FasterXML jackson-databind has multiple vulnerabilities including the possibility of remote attackers executing arbitrary code on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute...

10CVSS10AI score0.12679EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:11 p.m.•35 views

Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol

Summary TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocold. A patch has been provided that updates the libssh library. CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH...

5.9CVSS7AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:10 p.m.•33 views

Security Bulletin: Multiple Security Vulnerabilities were found in IBM Security Verify Access Appliance. (CVE-2024-49803, CVE-2024-49804, CVE-2024-49805, CVE-2024-49806)

Summary Multiple Security Vulnerabilities were addressed in the IBM Security Verify Access Appliance management interface. Vulnerability Details CVEID:CVE-2024-49803 DESCRIPTION: IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute...

9.8CVSS9.7AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:8 p.m.•50 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.7 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.7 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-46984 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw when...

8.4CVSS9AI score0.00413EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:6 p.m.•56 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

9.9CVSS9.7AI score0.99506EPSS
Exploits69Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 6:3 p.m.•38 views

Security Bulletin: IBM Instana Observability is vulnerable to AuthZ Plugin Bypass and Privilege Escalation

Summary Vulnerability in Docker Engine that could allow attackers to bypass authorization plugins AuthZ was remediated in IBM Observability with Instana Build 279. CVE-2024-41110 Vulnerability Details CVEID:CVE-2024-41110 DESCRIPTION: Moby is an open-source project created by Docker for software...

9.9CVSS9.9AI score0.16496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 3:30 p.m.•8 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to an attacker with deploy privilege (CVE-2025-0799)

Summary Malicious bar files could allow an attacker with deploy privilege to write arbitrary files on the file system for a running IBM App Connect Enterprise installation. Vulnerability Details CVEID:CVE-2025-0799 DESCRIPTION: IBM App Connect enterprise could allow an authenticated user to write...

6.5CVSS6.7AI score0.00479EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 11:18 a.m.•12 views

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition

Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause high integrity impact, low confidentiality impat. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to t...

7.4CVSS8.8AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 7:28 a.m.•10 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917 are affected by multiple vulnerabilities

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their October 2024 Critical Patch Update, plus CVE-2024-10917. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addresse...

5.3CVSS6.1AI score0.00423EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/04 1:7 a.m.•36 views

Security Bulletin: Vulnerability with Eclipse Jetty, e2fsprogs, dnsjava , Apache Commons IO, Apache HTTP Server and Java SE affect IBM Cloud Object Storage Systems (Dec 2024)

Summary Vulnerability with Eclipse Jetty CVE-2024-9823, CVE-2024-6763, CVE-2024-8184, e2fsprogs CVE-2022-1304 dnsjava CVE-2024-25638, Apache Commons IO. CVE-2024-47554 , Apache HTTP ServerCVE-2024-40725 and Java SE CVE-2024-21217,CVE-2024-21235, CVE-2024-21210. This vulnerability has been address...

8.9CVSS8.4AI score0.04134EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 11:4 p.m.•59 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities.

Summary IBM Cloud Pak for Network Automation 2.7.5 addresses multiple security vulnerabilities. Vulnerability Details CVEID:CVE-2024-32879 DESCRIPTION: Python Social Auth Django could allow a remote authenticated attacker to bypass security restrictions, caused by improper handling of case...

8.2CVSS9.2AI score0.8496EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 11:3 p.m.•35 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Mozilla Firefox arbitrary code execution vulnerability [CVE-2024-4367]

Summary Potential Mozilla Firefox arbitrary code execution vulnerability CVE-2024-4367 have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-436...

8.8CVSS7.7AI score0.72648EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 11:1 p.m.•34 views

Security Bulletin: IBM Cloud Pak for Data has a vulnerable base OS image due to kernel-headers ( CVE-2022-1012, CVE-2022-32250 )

Summary Kernel-headers used by IBM Cloud Pak for Data as part of the base OS image. CVE-2022-1012, CVE-2022-32250. Vulnerability Details CVEID:CVE-2022-1012 DESCRIPTION: A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb...

8.2CVSS7.6AI score0.02972EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 11:0 p.m.•51 views

Security Bulletin: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go and Apache OpenSSH.

Summary IBM Cloud Pak System is vulnerable to multiple vulnerabilities in Golang Go and Apache OpenSSH. Vulnerability Details CVEID:CVE-2024-24785 DESCRIPTION: Golang Go could allow a remote attacker to bypass security restrictions, caused by a flaw in the MarshalJSON methods in the html/template...

7.5CVSS8.6AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 10:59 p.m.•26 views

Security Bulletin: Multiple vulnerabilities in Java affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in Java affect IBM Robotic Process Automation. java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21094...

7.5CVSS7.7AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 10:58 p.m.•37 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote...

7.5CVSS6.9AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 10:57 p.m.•29 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect Cloud Pak System

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Cloud Pak System . These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security...

7.5CVSS6.5AI score0.00918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 10:55 p.m.•32 views

Security Bulletin: Vulnerabilities in Java SE affect watsonx.data

Summary Unspecified vulnerabilities in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact. These can impact watsonx.data. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Jav...

7.4CVSS7.5AI score0.00918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 10:53 p.m.•54 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from kerberos 5, libxml2, go-jose, runc

Summary IBM MQ Operator and Queue manager container images are vulnerable to kerberos 5, libxml2, go-jose, runc. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details CVEID:CVE-2024-26461 DESCRIPTION: Kerberos 5 is vulnerable to a denial of service,...

8.6CVSS7.6AI score0.18087EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 10:51 p.m.•14 views

Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to denial of service due to Netty vulnerability CVE-2024-29025

Summary Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to denial of service due to Netty vulnerability CVE-2024-29025. This has been remediated. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rap...

5.3CVSS6.3AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 10:50 p.m.•25 views

Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Containerized Identity Manager

Summary Multiple security vulnerabilities have been addressed in the update to IBM Security Verify Governance - Containerized Identity Manager component. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improp...

7.5CVSS8AI score0.99019EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/02/03 10:48 p.m.•27 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty

Summary IBM Cloud Pak for Data contains a vulnerable version of Netty Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The...

5.3CVSS6.3AI score0.0138EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35665