35059 matches found

IBM Security Bulletins
added 2024/11/12 11:23 a.m., 31 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2023-3817]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-3817 Vulnerability Details CVEID:CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck,...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00187
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:48 a.m., 12 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management

Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.3.1 Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java...

CVSS: 9.2 | AI score: 8 | EPSS: 0.00747
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:42 a.m., 17 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00751
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:30 a.m., 24 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [ CVE-2023-3446]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck,...

CVSS: 5.3 | AI score: 6.5 | EPSS: 0.00751
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:26 a.m., 20 views

Security Bulletin: Due to use of Async, IBM Event Streams is vulnerable to Regular Expression denial of service

Summary Async is used by IBM Event Streams CVE-2024-39249 Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while parsing function in autoinject function. By sending a specially crafted...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00161
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:20 a.m., 35 views

Security Bulletin: Due to use of cURL libcurl, IBM Event Streams is vulnerable to bypass security restrictions.

Summary cURL libcurl is used in IBM Event Streams CVE-2023-28322 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is expected to be changed from a PUT to a...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00711
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:9 a.m., 37 views

Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...

CVSS: 8.1 | AI score: 7.9 | EPSS: 0.00637
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:8 a.m., 16 views

Security Bulletin: Due to use of Async, IBM Event Processing is vulnerable to Regular Expression Denial of Service

Summary Async is used by IBM Event Processing as part of the frontend. CVE-2024-39249 Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while parsing function in autoinject function. By...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00161
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 10:5 a.m., 19 views

Security Bulletin: Due to use of Axios, IBM Event Processing is vulnerable to server-side request forgery

Summary Axios is used by IBM Event Processing frontend. CVE-2024-39338 Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative URLs. By sending a specially...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.02141
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 9:33 a.m., 27 views

Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Standard.

Summary Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Standard. Updates to IBM CICS TX Standard have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.0045
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 9:28 a.m., 24 views

Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Advanced.

Summary Security vulnerabilities may affect IBM Java shipped with IBM CICS TX Advanced. Updates to IBM CICS TX Advanced have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.0045
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 9:24 a.m., 13 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard.

Summary A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liber...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00149
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 9:21 a.m., 26 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms.

Summary A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms. An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00149
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 9:15 a.m., 29 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced.

Summary A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liber...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00149
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 5:46 a.m., 23 views

Security Bulletin: IBM Sterling Connect:Direct Web Services uses spring-web-6.0.21.jar which is vulnerable to denial of service

Summary IBM Sterling Connect:Direct Web Services uses VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.0014
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 5:42 a.m., 18 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by PostgreSQL TOCTOU vulnerability

Summary IBM Sterling Connect:Direct Web Services uses PostgreSQL, PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a time-of-check time-of-use TOCTOU race condition in pgdump. Vulnerability Details CVEID:CVE-2024-7348 DESCRIPTION: PostgreS...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00743
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 5:39 a.m., 16 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by multiple IBM JRE vulnerabilities

Summary IBM Sterling Connect:Direct Web Services uses IBM java. An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity impacts. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerabili...

CVSS: 4.8 | AI score: 5.2 | EPSS: 0.0045
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 5:35 a.m., 19 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by multiple IBM JRE vulnerabilities

Summary IBM Sterling Connect:Direct Web Services uses IBM java, which has an unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified...

CVSS: 7.4 | AI score: 5.3 | EPSS: 0.00977
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/12 2:31 a.m., 275 views

Security Bulletin: IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-2018-25032, CVE-2022-2068)

Summary This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera Faspex 4.4.2 PL2. Vulnerability Details CVEID:CVE-2022-28330 DESCRIPTION: Apache HTTP Server could allow a remote attacker to obtain sensitive information. An attacker could exploit this...

CVSS: 10 | AI score: 10 | EPSS: 0.94303
Exploits: 14 | Affected Software: 5

IBM Security Bulletins
added 2024/11/11 10:21 p.m., 20 views

Security Bulletin: IBM Master Data Management vulnerable to information disclosure due to IBM WebSphere Application Server

Summary IBM Master Data Management version 11.6, 12.0, and 14.0 are impacted by vulnerability in IBM WebSphere Application Server that can lead to information disclosure. IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. A...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00149
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 10:4 p.m., 38 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to...

CVSS: 5.9 | AI score: 7.5 | EPSS: 0.0045
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2024/11/11 6:1 p.m., 24 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details CVEID:CVE-2024-45086 DESCRIPTION: IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00038
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 5:51 p.m., 28 views

Security Bulletin: Potential Denial of Service in IBM Storage Defender - Data Protect

Summary IBM Storage Defender - Data Protect is potentially vulnerable to a denial of service attack via CVE-2022-21698. Vulnerability Details CVEID:CVE-2022-21698 DESCRIPTION: Prometheus Go client library clientgolang is vulnerable to a denial of service, caused by a flaw when handling requests...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.0045
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 5:41 p.m., 22 views

Security Bulletin: IBM Maximo Asset Management application is vulnerable to unrestricted file upload (CVE-2024-45077)

Summary IBM Maximo MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of adding a dot to the end of the file name if Maximo is installed on Windows operating system. Vulnerability Details...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.0009
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 2:16 p.m., 74 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server

Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-21147, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2023-50314 Vulnerability Details Refer to the security bulletins...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.00977
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 11:31 a.m., 37 views

Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 20 (4.2.0.20)

Summary Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 20 4.2.0.20 Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling. By...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.34098
Exploits: 21 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 9:36 a.m., 15 views

Security Bulletin: Security vulnerability due to Apache Derby package shipped with IBM CICS TX Standard

Summary Security vulnerability due to Apache Derby package shipped with IBM CICS TX Standard. The Apache Derby package version has been updated. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00047
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 7:56 a.m., 43 views

Security Bulletin: IBM WebSphere Application Server traditional shipped with IBM Tivoli System Automation Application Manager is vulnerable to an XML External Entity Injection (XXE) vulnerability

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-45086 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

CVSS: 5.5 | AI score: 7.2 | EPSS: 0.00038
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/11 2:5 a.m., 34 views

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2022-3094]

Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-3094 Vulnerability Details CVEID:CVE-2022-3094 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the allocation of memory prior to...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02338
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/08 4:2 p.m., 21 views

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high...

CVSS: 7.4 | AI score: 7.1 | EPSS: 0.00977
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/08 8:8 a.m., 34 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS: 10 | AI score: 10 | EPSS: 0.49062
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2024/11/07 10:3 p.m., 59 views

Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2023-36328) due to tcl

Summary Vulnerability in tcl could allow a remote attacker to execute arbitrary code or cause a denial of service CVE-2023-36328. Vulnerability Details CVEID:CVE-2023-36328 DESCRIPTION: libtom libtommath is vulnerable to an integer buffer overflow, caused by improper bounds checking by mpgrow. By...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.00517
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2024/11/07 3:43 p.m., 28 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS and privilege escalation

Summary These CVEs affect the operating system kernel. Vulnerability Details CVEID:CVE-2023-52340 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the ICMPv6 handling of "Packet Too Big". By sending a specially crafted IPV6...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00689
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/07 1:42 p.m., 26 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities

Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: jshttp cookie could allow a remote attack...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.02141
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/11/07 7:43 a.m., 33 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerability in Apache Tomcat

Summary OSS Scan Vulnerability - Apache Tomcat 8.5.70 & Apache Tomcat 8.5.75 with multiple CVEs and affecting Sterling Control Center v6.2.1. Vulnerability Details CVEID:CVE-2021-42340 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket...

CVSS: 8.6 | AI score: 9.9 | EPSS: 0.55532
Exploits: 20 | Affected Software: 1

IBM Security Bulletins
added 2024/11/07 7:42 a.m., 11 views

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM Java Buffer overflow in GC

Summary IBM Java: Buffer overflow in GC when using the -Xgc:concurrentScavenge option on IBM Z is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions,...

CVSS: 7.3 | AI score: 5.7 | EPSS: 0.00068
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/07 4:32 a.m., 33 views

Security Bulletin: IBM Security Guardium Key Lifecycle Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Guardium Key Lifecycle Manager. Vulnerability Details CVEID:CVE-2024-49817 DESCRIPTION: IBM Security Guardium Key Lifecycle Manager stores user credentials in configuration files which can be read by a loc...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00119
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/06 7:44 p.m., 6 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (Aug 2024)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

AI score: 6.8
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/06 11:34 a.m., 13 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tungstenite-0.20.1.crate CVE-2023-43669

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to tungstenite-0.20.1.crate CVE-2023-43669. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-43669 DESCRIPTION: Snapview Tungstenite crate for Rust is vulnerable t...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.04501
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/06 10:24 a.m., 14 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Injection - Cross Site Scripting Rule

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Injection - Cross Site Scripting Rule . This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35146 DESCRIPTION: IBM Maximo Application Suite - Monitor Component is...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00455
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/06 9:54 a.m., 23 views

Security Bulletin: Multiple Vulnerabilities in Db2 affect IBM Cloud Pak System

Summary Vulnerabilities in Db2 affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using ...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00427
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/06 7:21 a.m., 7 views

Security Bulletin: IBM Operations Analytics - Log Analysis is vulnerable to an XML External Entity Injection (XXE) vulnerability

Summary There is a potential XML External Entity Injection XXE vulnerability with reload4j library that is used in IBM Operations Analytics - Log Analysis. This has been addressed. Vulnerability Details IBM X-Force ID: 294027 DESCRIPTION: QOS.CH reload4j allow a remote attacker to obtain sensitiv...

AI score: 6.8
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/06 7:21 a.m., 13 views

Security Bulletin: IBM Maximo Application Suite - MVI Component uses jose4j-0.9.3.jar which is vulnerable to this CVE-2023-51775

Summary Security Bulletin: IBM Maximo Application Suite - MVI Component uses jose4j-0.9.3.jar which is vulnerable to this CVE-2023-51775 Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00383
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/11/05 10:7 p.m., 38 views

Security Bulletin: AIX is affected by multiple vulnerabilities due to Python

Summary There are multiple vulnerabilities in Python used by AIX CVE-2024-45491, CVE-2024-45490, CVE-2024-45492, CVE-2024-7592, CVE-2024-8088, CVE-2024-6923. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2024-45491 DESCRIPTION: libexpat could...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.02269
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2024/11/05 8:53 p.m., 20 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2023-50314)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00149
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/05 6:41 p.m., 19 views

Security Bulletin: IBM Sterling Control Center is vulnerable to User Enumeration

Summary User Enumeration is affecting v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-35114 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. CWE:CWE-204: Observable Response Discrepancy...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00117
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/05 11:58 a.m., 16 views

Security Bulletin: There is a vulnerability in plotly.js used by IBM Maximo Asset Management application (CVE-2023-46308)

Summary There is a vulnerability in plotly.js used by IBM Maximo Asset Management application CVE-2023-46308 Vulnerability Details CVEID:CVE-2023-46308 DESCRIPTION: Plotly plotly.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.00201
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/05 9:2 a.m., 33 views

Security Bulletin: Vulnerability in jgit affect Cloud Pak System [CVE-2023-4759]

Summary Vulnerability in jgit affect Cloud Pak System. IBM Cloud Pak System Addressed vulnerability CVE-2023-4759. Vulnerability Details CVEID:CVE-2023-4759 DESCRIPTION: Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00974
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/05 8:39 a.m., 16 views

Security Bulletin: IBM Sterling Control Center is vulnerable to Content spoofing

Summary IBM Sterling Control Center is vulnerable to Content Spoofing in v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-35111 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00065
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/11/05 8:38 a.m., 25 views

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024

Summary IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...

CVSS: 7.5 | AI score: 5.3 | EPSS: 0.00449
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 35059