Lucene search
K

35665 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...

7.5CVSS7.5AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•15 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to requests-2.31.0-py3-none-any.whl CVE-2024-35195. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...

5.6CVSS6.3AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•18 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to braces-3.0.2.tgz CVE-2024-4068

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to braces-3.0.2.tgz CVE-2024-4068. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a denial of service,...

7.5CVSS6.4AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to axios-1.7.2.tgz CVE-2024-39338. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused b...

7.5CVSS7.5AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•30 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2024-9143]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-9143 Vulnerability Details CVEID:CVE-2024-9143 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused b...

4.3CVSS7.4AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•43 views

Security Bulletin: IBM Maximo Application Suite - MVI Component uses tar-6.2.0.tgz, Flask_Cors-3.0.10-py2.py3-none-any.whl, bcprov-jdk18on-1.72.jar which are vulnerable to CVE-2024-28863, CVE-2024-1681 and CVE-2024-30171

Summary Security Bulletin: IBM Maximo Application Suite - MVI Component uses tar-6.2.0.tgz, FlaskCors-3.0.10-py2.py3-none-any.whl, bcprov-jdk18on-1.72.jar which are vulnerable to CVE-2024-28863, CVE-2024-1681 and CVE-2024-30171 Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: isaacs node-t...

6.5CVSS7.4AI score0.00929EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•47 views

Security Bulletin: Vulnerabilities in requests, setuptools , python-certifi & urllib3 can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore [CVE-2024-35195,CVE-2024-6345,CVE-2024-39689,CVE-2024-37891]

Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in requests, setuptools , python-certifi & urllib3 which include bypass security restrictions , by using download functions to inject and execute arbitrary code on the system, weaker...

8.8CVSS9.2AI score0.01939EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•10 views

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-7254).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2024-7254. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google Protocol Buffers...

8.7CVSS7.4AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•18 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2024-48948)

Summary There is a vulnerability in elliptic used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-48948 DESCRIPTION: Elliptic could allow a remote attacker to bypas...

4.8CVSS6.8AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•13 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to server-side request (CVE-2024-39338)

Summary There is a vulnerability in Axios used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery...

7.5CVSS6.4AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using a component with a known vulnerability (CVE-2024-39338)

Summary The product includes a vulnerable component e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is...

7.5CVSS6.2AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•33 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to micromatch-4.0.5.tgz CVE-2024-4067. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of...

5.3CVSS6.6AI score0.01429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards that use COS S3 storage are vulnerable to denial of service and security restrictions bypass [CVE-2024-48948] [CVE-2024-48949]

Summary Node.js module elliptic is used by IBM App Connect Enterprise Certified Container for signature validation. IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage are vulnerable to denial of service and security restrictions bypass. This bulletin provide...

9.1CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•24 views

Security Bulletin: Maximo Application Suite - braces-3.0.2.tgz package is vulnerable to CVE-2024-4068 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses braces-3.0.2.tgz package which is vulnerable to CVE-2024-4068. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a...

7.5CVSS6.4AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in server-side request forgery (CVE-2024-39338).

Summary A vulnerability in axios affects IBM Robotic Process Automation and may result in server-side request forgery. Axios is used by IBM Robotic Process Automation as part of the Carbon UI framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability...

7.5CVSS6.4AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•19 views

Security Bulletin:Psf Requests Vulnerability Affects IBM Data Observability by Databand Self-Hosted (CVE-2024-35195)

Summary A vulnerability in Psf Requests was addressed in IBM Data Observability by Databand Self-Hosted Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementati...

5.6CVSS6AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js braces module denial of service vulnerability [ CVE-2024-4068]

Summary Potential Node.js braces module denial of service vulnerability CVE-2024-4068 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40...

7.5CVSS7.4AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: Vulnerability in idna  ( CVE-2024-3651) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential denial of service vulnerability CVE-2024-3651 has been identified related to idna that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-3651...

7.5CVSS6.2AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•32 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Jetty (CVE-2024-8184)

Summary Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the ThreadLimitHandler.getRemote function. By sending specially crafted requests, a remote attacker could exploit this vulnerability to exhaust the server memory and results in a denial of service...

6.5CVSS6.4AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•17 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses idna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses idna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafte...

7.5CVSS6.6AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•11 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2024-22365)

Summary This vulnerablility may affect database access, and DataPower Virtual Edition. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by a flaw in pamnamespace.so. By sending a specially crafted request, a local attacker could exploi...

5.5CVSS6.5AI score0.00459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: IBM Asset Data Dictionary Component uses zipp-3.15.0-py3-none-any.whl and urllib3-2.0.7-py3-none-any.whl which is vulnerable to CVE-2024-5569 and CVE-2024-37891

Summary IBM Asset Data Dictionary Component uses zipp-3.15.0-py3-none-any.whl and urllib3-2.0.7-py3-none-any.whl which is vulnerable to CVE-2024-5569 and CVE-2024-37891. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569...

6.5CVSS7AI score0.01141EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•19 views

Security Bulletin: IBM Maximo Application Suite uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569

Summary IBM Maximo Application Suite uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by ...

6.2CVSS6.2AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•17 views

Security Bulletin: Vulnerability in MIT Kerberos krb5 (CVE-2024-37371) affects Power HMC.

Summary The MIT Kerberos krb5 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-37371 DESCRIPTION: MIT Kerberos 5 aka krb5 is vulnerable to a denial of service, caused by an invalid memory reads during GSS message...

9.1CVSS6.6AI score0.01863EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: IBM Maximo Application Suite - IoT Compoenet uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569

Summary IBM Maximo Application Suite - IoT Component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to CVE-2024-5569. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of...

6.2CVSS6.7AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•19 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-53981]

Summary python-multipart is used by IBM App Connect Enterprise Certified Container for parsing messages sent to the mapping assistance component. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulleti...

7.5CVSS6.3AI score0.00644EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to keras-2.12.0-py2.py3-none-any.whl CVE-2024-3660

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to keras-2.12.0-py2.py3-none-any.whl CVE-2024-3660. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-3660 DESCRIPTION: TensorFlow Keras could allow a remote attack...

9.8CVSS7.8AI score0.01745EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to ipp-3.15.0-py3-none-any.whl CVE-2024-5569. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused ...

6.2CVSS6.2AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: Vulnerability in idna  ( CVE-2024-3651) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential denial of service vulnerability CVE-2024-3651 has been identified related to idna that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-3651...

7.5CVSS6.2AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•12 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in zipp [CVE-2024-5569]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in zipp, caused by an infinite loop flaw in the Path module CVE-2024-5569. Zipp is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the details for...

6.2CVSS6.1AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•29 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569 Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in th...

6.2CVSS6.5AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•15 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras [CVE-2024-3660]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras, caused by a code injection flaw CVE-2024-3660. TensorFlow Keras is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the...

9.8CVSS7.8AI score0.01745EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•24 views

Security Bulletin: IBM Maximo Application Suite: idna-2.8-py2.py3-none-any.whl is vulnerable to CVE-2024-3651 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses idna-2.8-py2.py3-none-any.whl which is vulnerable to CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted argument to the idna.encod...

7.5CVSS6.4AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: Multiple Vulnerabilities in docker affect Cloud Pak System[CVE-2024-24557, CVE-2024-29018]

Summary Vulnerabilities in Open Source docker affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-29018 DESCRIPTION: moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By sending a specially crafted request, a remot...

7.8CVSS6.3AI score0.0075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses spring-security-web-6.3.3.jar which is vulnerable to this CVE-2024-38821. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMwa...

9.1CVSS6.4AI score0.01726EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•18 views

Security Bulletin: Financial Transaction Manager v4 is impacted by a denial of service(DoS) vulnerability in WebSphere Liberty (CVE-2024-25026)

Summary IBM WebSphere Application Server Liberty is bundled with Financial Transaction Manager. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of...

7.5CVSS6.5AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818.

Summary IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is...

7.5CVSS7.4AI score0.01414EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•15 views

Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-43868]

Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-43868 Vulnerability Details CVEID:CVE-2024-43868 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw related to align...

5.5CVSS6.2AI score0.00222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•38 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by an OpenSSH security vulnerability (CVE-2024-6387)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in OpenSSH which could allow a remote attacker to execute arbitrary commands on the system with root privileges CVE-2024-6387. Vulnerability Details CVEID: CVE-2024-6387 Description: OpenSSH could allow a remote...

8.1CVSS8.1AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•11 views

Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-50243]

Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-50243 Vulnerability Details CVEID:CVE-2024-50243 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by general protection fault i...

5.5CVSS6.2AI score0.00218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•15 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to information disclosure (CVE-2024-40706)

Summary An information disclosure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-40706 DESCRIPTION: IBM InfoSphere Information Server could allow a remote user to obtain sensitive version information that could aid in further attacks against the...

5.3CVSS6.1AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-39490]

Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-39490 Vulnerability Details CVEID:CVE-2024-39490 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missi...

6.2CVSS6.3AI score0.00223EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•34 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to bypass security restrictions CVE-2024-38473

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in modproxy. By...

8.1CVSS6.7AI score0.25878EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•26 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go security bypass vulnerabilitiy( CVE-2024-24785)

Summary Potential Golang Go security bypass vulnerabilitiy CVE-2024-24785has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24785 DESCRIPTION: Golang Go could all...

5.4CVSS8.2AI score0.00795EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•14 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security weakness in GNU Emacs [CVE-2024-39331]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security weakness in GNU Emacs, caused by a code injection flaw in org-link-expand-abbrev in lisp/ol.el CVE-2024-39331. GNU Emacs is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the details...

9.8CVSS7.3AI score0.01323EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2024-5535]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-5535 Vulnerability Details CVEID:CVE-2024-5535 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a buffer over-read flaw in the...

9.1CVSS6.9AI score0.05582EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•34 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to spring-webmvc-6.1.12 (CVE-2024-38816)

Summary IBM Sterling Connect:Direct Web Services uses spring webmvc jar, Spring Security could allow a remote attacker to obtain sensitive information, caused by a path traversal attack in applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux...

7.5CVSS6.3AI score0.14718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-43800 CVE-2024-43799 CVE-2024-6119.

Summary IBM Maximo Application Suite uses serve-static-1.15.0.tgz, send-0.18.0.tgz and cryptography-43.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to CVE-2024-43800, CVE-2024-43799 and CVE-2024-6119. This bulletin contains information regarding the vulnerability and its fixture...

7.5CVSS8.1AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•14 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is vulnerable to stored cross-site scripting (CVE-2024-45073).

Summary The security issue described in CVE-2024-45073 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

4.8CVSS6.5AI score0.00233EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Kubernetes kubelet [CVE-2024-5321]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in Kubernetes kubelet, caused by incorrect permissions on Windows containers logs CVE-2024-5321. Kubernetes kubelet is used by our Speech Service utilities. This vulnerabilitiy has been addressed. Please...

6.1CVSS6AI score0.00312EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35665