Lucene search
K

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 1:31 p.m.•24 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-4032 DESCRIPTION: An unspecified error with ipaddress considers some not...

9.8CVSS9AI score0.05582EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 12:55 p.m.•6 views

Security Bulletin: Vulnerability in Apache commons-compress affects watsonx.data

Summary Apache Commons Compress is vulnerable to a denial of service attack and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a...

5.5CVSS5.7AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 12:46 p.m.•11 views

Security Bulletin: Vulnerability in Bouncy Castle Crypto Package for Java affects watsonx.data

Summary The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service attack. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the...

7.5CVSS7.4AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 12:42 p.m.•18 views

Security Bulletin: Vulnerability in snappy-java affects watsonx.data

Summary snappy-java is vulnerable to denial of service attacks, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the shuffle function. By sending a specially crafted request,...

7.5CVSS6.8AI score0.01707EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 12:0 p.m.•14 views

Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution on the system due to the Apache Avro component (CVE-2024-47561).

Summary IBM Event Streams is vulnerable to arbitrary code execution on the system. Apache Avro is commonly used in event streams like Apache Kafka to serialize and deserialize event data, providing a structured, efficient, and schema-based format for transmitting messages between producers and...

9.2CVSS7.5AI score0.03278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 11:29 a.m.•19 views

Security Bulletin: Vulnerability in expressjs serve-static affects watsonx.data

Summary expressjs serve-static is vulnerable to cross-site scripting, and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...

5CVSS6.1AI score0.00595EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 11:26 a.m.•8 views

Security Bulletin: Vulnerability in VMware Tanzu Spring Security affects watsonx.data

Summary VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38810 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to obtain sensitive information, caused by missin...

7.5CVSS6.3AI score0.00432EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 11:11 a.m.•8 views

Security Bulletin: Vulnerability in Psf Requests affects watsonx.data

Summary Psf Requests is vulnerable to bypass security restrictions, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementation...

5.6CVSS6.2AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 11:8 a.m.•30 views

Security Bulletin: Vulnerabilities in jQuery affect watsonx.data

Summary jQuery is vulnerable to cross site scripting attacks and to untrusted code execution attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remot...

6.9CVSS6.9AI score0.99019EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 11:4 a.m.•10 views

Security Bulletin: Vulnerabiity in Async Http Client affects watsonx.data

Summary Async Http Client aka async-http-client could allow a remote attacker to bypass security restrictions. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2017-14063 DESCRIPTION: Async Http Client aka async-http-client could allow a remote attacker to bypass security...

7.5CVSS6.5AI score0.03046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 7:9 a.m.•13 views

Security Bulletin: Vulnerability in OpenSSH affects watsonx.data

Summary The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks . This could affect watsonx.data. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain...

5.9CVSS7.1AI score0.9378EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/30 7:2 a.m.•12 views

Security Bulletin: Vulnerability in zipp affects watsonx.data

Summary zipp is vulnerable to a denial of service attack, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a local attacker...

6.2CVSS6.2AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 9:9 p.m.•60 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for June 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF034 and 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated...

8.1CVSS9.6AI score0.99999EPSS
Exploits23Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 9:6 p.m.•26 views

Security Bulletin: Security vulnerability found in libxml2 package shipped with IBM CICS TX Advanced 10.1

Summary Security vulnerability found in libxml2 package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using th...

7.5CVSS7.9AI score0.01364EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 9:6 p.m.•87 views

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)

Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service CVE-2024-25062. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. Whe...

7.5CVSS7.7AI score0.01364EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 9:5 p.m.•55 views

Security Bulletin: Operations Dashboard is vulnerable to denial of service due to Go (CVE-2023-24534)

Summary Operations Dashboard is vulnerable to denial of service due to Go CVE-2023-24534 with details below. Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial o...

7.5CVSS8.4AI score0.01888EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 9:4 p.m.•32 views

Security Bulletin: IBM Storage Protect Server is vulnerable to denial of service due to Golang Go ( CVE-2023-24534 )

Summary Golang Go is used by IBM Storage Protect Server and may be affected by vulnerability CVE-2023-24534. Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial o...

7.5CVSS8.5AI score0.01888EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 9:0 p.m.•25 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to denial of service due to [CVE-2023-24534]

Summary IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Golang Go. CVE-2023-24534 Vulnerability Details CVEID:CVE-2023-24534 DESCRIPTION: HTTP and MIME...

7.5CVSS8.5AI score0.01888EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 8:23 p.m.•26 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to GNOME libxml2 denial of service vulnerability [ CVE-2024-25062]

Summary Potential GNOME libxml2 denial of service vulnerability CVE-2024-25062 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-25062...

7.5CVSS7.8AI score0.01364EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 8:21 p.m.•34 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local or remote authenticated attacker could exploit the vulnerability to obtain sensitive information, to cause a denial of service condition and to cause a segmentation fault, ...

7.8CVSS8.3AI score0.00266EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 8:16 p.m.•39 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a local or remote authenticated attacker could exploit the vulnerability to obtain sensitive information, to cause a denial of service condition and to cause a segmentation fault, ...

8CVSS7.5AI score0.00561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 8:13 p.m.•38 views

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2019-19012 DESCRIPTION: Oniguruma is vulnerable to a denial of service, caused by an integer...

9.8CVSS9.6AI score0.4292EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 7:23 p.m.•6 views

Security Bulletin: Vulnerability in pypa/setuptools affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerability in pypa/setuptools has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could...

8.8CVSS9AI score0.01939EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 7:22 p.m.•11 views

Security Bulletin: Vulnerabilities in ISC BIND affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential vulnerabilities in ISC BIND has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to...

7.5CVSS7.9AI score0.02114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 7:19 p.m.•47 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open-Source Software (OSS) components

Summary There are vulnerabilities in multiple Open-Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Workspace by upgrading or removing the vulnerable libraries. Please refer to the table in the Related...

9.1CVSS9AI score0.91969EPSS
Exploits5Affected Software4
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 6:45 p.m.•17 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to stored cross-site scripting.

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

6.4CVSS5.9AI score0.00218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 5:38 p.m.•21 views

Security Bulletin: Vulnerabilities in zlib can affect watsonx.data

Summary zlib is vulnerable to denial of service attacks. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2016-9842 DESCRIPTION: zlib is vulnerable to a denial of service, caused by an undefined left shift of negative number. By persuading a victim to open a specially crafted documen...

8.8CVSS9.3AI score0.05161EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 5:24 p.m.•47 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in xstream-1.4.9.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of xstream-1.4.9.jar Vulnerability Details CVEID:CVE-2021-21344 DESCRIPTION: XStream could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when processing stream at unmarshallin...

9.8CVSS9.9AI score0.82392EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 3:35 p.m.•31 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty (CVE-2024-47535)

Summary There is a vulnerability in the Netty library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid...

5.5CVSS8.2AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 2:32 p.m.•19 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.2 Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

5CVSS6AI score0.00595EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 12:57 p.m.•72 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics 2.1.3 and IBM Planning Analytics 2.0.96 by upgrading or removing the vulnerable libraries. Please refer to the...

7.5CVSS10AI score0.03174EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 10:56 a.m.•13 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-52798]

Summary node.js module path-to-regexp is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in node.js module...

8.7CVSS6.2AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 10:54 a.m.•14 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to use of insufficient random values [CVE-2025-22150]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for http calls. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to use of insufficient random values. This bulletin provides...

6.8CVSS6.3AI score0.00736EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 10:11 a.m.•18 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45087)

Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

4.8CVSS5.8AI score0.00238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 4:50 a.m.•16 views

Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition (ITNM).

Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 21 4.2.0.21 Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceedin...

9.8CVSS9.5AI score0.48716EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 3:19 a.m.•13 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10979

Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. Vulnerability Details CVEID:CVE-2024-10979 DESCRIPTION: Incorrect...

8.8CVSS7.1AI score0.04422EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 3:17 a.m.•24 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10976

Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. Vulnerability Details CVEID:CVE-2024-10976 DESCRIPTION: Incomplete tracking in PostgreSQL of...

5.4CVSS6.5AI score0.00786EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 3:15 a.m.•10 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10977

Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could provide weaker than expected security, caused by a flaw with retaining an error message from man-in-the-middle. A remote attacker could exploit this vulnerability to launch further attacks on the system. Vulnerability...

3.7CVSS6.4AI score0.0038EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 3:14 a.m.•9 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10978

Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, which could allow a remote authenticated attacker to bypass security restrictions, caused by an incorrect privilege assignment Vulnerability Details CVEID:CVE-2024-10978 DESCRIPTION: PostgreSQL could allow a remote authenticated...

4.2CVSS6.5AI score0.00705EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/29 2:15 a.m.•11 views

Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime impact IBM SPSS Modeler

Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime impact IBM SPSS Modeler CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850, CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131,...

7.5CVSS5.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•19 views

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System [CVE-2024-27270]

Summary Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System WebSphere Application Server WAS Patterns . Vulnerability Details CVEID:CVE-2024-27270 DESCRIPTION: IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This...

6.1CVSS5.9AI score0.0037EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•26 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affect IBM Cloud Pak System [CVE-2023-50312, CVE-2024-22329]

Summary Vulnerability in IBM WebSphere Application Server Liberty affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side...

6.5CVSS6.6AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•132 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-6119) due to OpenSSL

Summary Vulnerability in OpenSSL could allow a remote attacker to cause a denial of service CVE-2024-6119. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error...

7.5CVSS7.6AI score0.66594EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•31 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...

5.6CVSS6.2AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable due to Axios vulnerability (CVE-2024-39338)

Summary IBM Sterling External Authentication Server SEAS uses Axios, which is vulnerable to Server-side Request Forgery SSRF. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get...

7.5CVSS6.3AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2024-48948)

Summary There is a vulnerability in elliptic used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: jshttp cookie could allow a remote attacker to...

6.9CVSS6.8AI score0.00749EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•13 views

Security Bulletin: Platform UI and Automation Assets in IBM Cloud Pak for Integration are vulnerable to cross-site scripting due to Webpack and Rspack CVE-2024-43788

Summary Platform UI and Automation Assets in IBM Cloud Pak for Integration are vulnerable to cross-site scripting due to Webpack and Rspack CVE-2024-43788 with details below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-43788 DESCRIPTION: Webpack and Rspack are...

6.4CVSS6.2AI score0.00897EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•31 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and server-side request forgery [CVE-2024-45590] [CVE-2024-39338]

Summary Node.js modules expressjs and axios are used by IBM App Connect Enterprise Certified Container for making and responding to HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and server-side request forgery. This bulletin...

7.5CVSS6.8AI score0.01414EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•26 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Missing or Insecure "Frame-Ancestors" policy in "Content-Security-Policy" header CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Missing or Insecure "Frame-Ancestors" policy in "Content-Security-Policy" header CVE-2024-35145. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35145...

7.5CVSS6.8AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of...

5.3CVSS6.7AI score0.01429EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35665