35059 matches found

IBM Security Bulletins
added 2024/10/11 11:22 a.m., 33 views

Security Bulletin: There are multiple vulnerabilities that affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary There are multiple vulnerabilities that affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. Updates for CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have been released to address these vulnerabilities...

CVSS 7.4, AI score 7.2, EPSS 0.00977
Exploits: 0, Affected Software: 2
IBM Security Bulletins
added 2024/10/11 6:35 a.m., 11 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to Apache HttpClient Vulnerability

Summary IBM Sterling Connect:Direct Web Services uses Apache HttpClient, which could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. This bulletin identifies the steps to take to address the vulnerabilities...

CVSS 5.3, AI score 7, EPSS 0.00505
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2024/10/11 12:37 a.m., 39 views

Security Bulletin: A vulnerability in RedHat UBI minimal affects IBM Robotic Process Automation for Cloud Pak which could allow an attacker to obtain sensitive information (CVE-2023-5388).

Summary A vulnerability in RedHat UBI minimal affects IBM Robotic Process Automation for Cloud Pak. RedHat UBI images are used as base images for IBM Robotic Process Automation containers. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

CVSS 6.5, AI score 6.3, EPSS 0.00245
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/09 10:27 p.m., 18 views

Security Bulletin: IBM DevOps Velocity is vulnerable due to multiple misconfigurations

Summary Multiple vulnerabilities in IBM DevOps Velocity have been addressed in IBM DevOps Velocity version 5.0.1. Vulnerability Details CVEID:CVE-2024-22348 DESCRIPTION: IBM UCV - UrbanCode Velocity uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions...

CVSS 7.5, AI score 6.1, EPSS 0.00043
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/09 10:11 p.m., 20 views

Security Bulletin: This Power System update is being released to address CVE-2023-45871

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-45871, by upgrading PowerVM and thus addressing the exposure ...

CVSS 7.5, AI score 8, EPSS 0.00025
Exploits: 0
IBM Security Bulletins
added 2024/10/09 5:8 p.m., 72 views

Security Bulletin: Multiple Vulnerabilities affect IBM Cloud Pak System.

Summary Multiple vulnerabilities have been addressed in IBM Cloud Pak System 2.3.4.0 and IBM Cloud Pak System 2.3.5.0. Vulnerability Details CVEID:CVE-2022-31813 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by the failure to send the...

CVSS 9.8, AI score 10, EPSS 0.88334
Exploits: 8, Affected Software: 1
IBM Security Bulletins
added 2024/10/09 1:46 p.m., 22 views

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.3.1 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.3.1 or...

CVSS 7.4, AI score 6.1, EPSS 0.00977
Exploits: 0, Affected Software: 2
IBM Security Bulletins
added 2024/10/09 1:22 p.m., 27 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow Configuration Editor is packaging a vulnerable version of the Node.js runtime and vulnerable library versions. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper validation of...

CVSS 8.1, AI score 8.2, EPSS 0.00261
Exploits: 0, Affected Software: 2
IBM Security Bulletins
added 2024/10/09 9:25 a.m., 28 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

CVSS 8.8, AI score 9.1, EPSS 0.02141
Exploits: 5, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 8:15 p.m., 24 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21012 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component cou...

CVSS 3.7, AI score 6.5, EPSS 0.00442
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 6:56 p.m., 33 views

Security Bulletin: IBM Security SOAR password recovery is vulnerable (CVE-2024-45670)

Summary The password reset function in IBM Security QRadar SOAR had vulnerabilities that could allow hackers to exploit and take over user privileges. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.2.0 or later of IBM Security SOAR...

CVSS 8.1, AI score 6.9, EPSS 0.00047
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 6:50 p.m., 29 views

Security Bulletin: IBM InfoSphere Information Server low level authenticated user can view sensitive information (CVE-2024-31898)

Summary A vulnerability in IBM InfoSphere Information Server allowed a lower level authenticated user to view sensitive information. This vulnerability was addressed. Vulnerability Details CVEID:CVE-2024-31898 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to read ...

CVSS 5.4, AI score 5, EPSS 0.00026
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 6:3 p.m., 37 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2017-5637, CVE-2019-0201, CVE-2018-8012, CVE-2023-44981)

Summary IBM Security Guardium uses Apache ZooKeeper as a component. This component has multiple vulnerabilities which might affect the product. These vulnerabilities have been addressed in an update. Vulnerability Details CVEID:CVE-2017-5637 DESCRIPTION: Apache Zookeeper is vulnerable to a denial...

CVSS 9.1, AI score 8, EPSS 0.17446
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 4:4 p.m., 42 views

Security Bulletin: IBM Security Guardium is affected by a remote code execution vulnerability (CVE-2022-37434)

Summary IBM Security Guardium has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By using a large gzip header extra field, a remote...

CVSS 9.8, AI score 9.8, EPSS 0.92745
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 3:41 p.m., 22 views

Security Bulletin: IBM Security Guardium is affected by a Kernel vulnerability (CVE-2022-2601)

Summary IBM Security Guardium has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2022-2601 DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the grub_font_construct_glyph function in grub2. By using a...

CVSS 8.6, AI score 9.4, EPSS 0.0012
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 3:29 p.m., 45 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate with crafte...

CVSS 8.1, AI score 9.1, EPSS 0.91924
Exploits: 16, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 2:40 p.m., 109 views

Security Bulletin: RC4 Bar Mitzvah Attack for SSL/TLS (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

CVSS 5, AI score 6.4, EPSS 0.2382
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 2:6 p.m., 71 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM i (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM i Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

CVSS 5, AI score 7, EPSS 0.2382
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 2:2 p.m., 37 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM i (CVE-2015-7575).

Summary The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM i. Vulnerability Details CVEID: CVE-2015-7575 DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS...

CVSS 5.9, AI score 6.2, EPSS 0.0107
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 1:59 p.m., 11 views

Security Bulletin: IBM Event Processing is vulnerable to a denial of service

Summary Operator of IBM Event Processing backend and operator is vulnerable to denial of service. CVE-2024-25710, CVE-2024-26308 Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a...

CVSS 8.1, AI score 6.7, EPSS 0.00392
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 1:47 p.m., 38 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy

Summary Vulnerabilities in Eclipse Jetty shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a...

CVSS 7.5, AI score 8, EPSS 0.9439
Exploits: 22, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 1:40 p.m., 11 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2.6

Summary Vulnerabilities in the Java Runtime Environment JRE 8.0.8.0 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...

CVSS 9.8, AI score 8.7, EPSS 0.00424
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 1:28 p.m., 14 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2024-21144 DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow a...

CVSS 7.5, AI score 5.8, EPSS 0.00442
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 1:24 p.m., 17 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus running on Solaris. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a...

CVSS 7.4, AI score 9.1, EPSS 0.00977
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 1:7 p.m., 40 views

Security Bulletin: Multiple Vulnerabilities in Rational Change

Summary Vulnerabilities in the Jetty component shipped with Rational Change may affect the security of the product. Vulnerability Details CVEID:CVE-2023-41900 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to bypass security restrictions, caused by improper authentication...

CVSS 7.5, AI score 8, EPSS 0.9439
Exploits: 22, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 11:29 a.m., 34 views

Security Bulletin: IBM Engineering Systems Design Rhapsody - Model Manager - Race Condition Format Flaw (Uses of non-thread safe SimpleDateFormat.format() when enabling DEBUG log for IDMappingsService.verbose)

Summary In 'IBM Engineering Systems Design Rhapsody - Model Manager RMM' if DEBUG logging is enabled for 'IDMappingsService.verbose', then there is a possibility of an incorrect date being written to the logs, or the possibility of an exception being thrown due to a race-condition involving the u...

CVSS 9.8, AI score 7.2, EPSS 0.00032
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 10:11 a.m., 21 views

Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary SQLite SQLite3 is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2024-0232 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by a heap use-after-free flaw in the jsonParseAddNodeArray function in sqlite3.c. By...

CVSS 5.5, AI score 7.1, EPSS 0.00018
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 9:59 a.m., 45 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.21 LTS, 12.0.4 LTS and 12.4.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...

CVSS 9.1, AI score 8.9, EPSS 0.02606
Exploits: 2, Affected Software: 1
IBM Security Bulletins
added 2024/10/08 8:35 a.m., 29 views

Security Bulletin: IBM Maximo Application Suite uses multiple packages which are vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses golang.org/x/net/http2 - v0.19.0 , v0.20.0, github.com/lestrrat-go/jwx/v2 - v2.0.11, setuptools - 50.3.2, tar - 6.2.0, github.com/docker/docker - v24.0.7, follow-redirects - 1.15.4, express - 4.18.2 , idna - 3.6 ,org.apache.cxfcxf-core - 3.5.5,...

CVSS 9.3, AI score 8.4, EPSS 0.46602
Exploits: 6, Affected Software: 1
IBM Security Bulletins
added 2024/10/07 10:29 p.m., 25 views

Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could allow an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. (CVE-2015-5739)

Summary A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could allow an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. IBM Robotic Process Automation for Cloud Pak uses Go as part of its operator deployment...

CVSS 9.8, AI score 5.9, EPSS 0.11884
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/07 10:28 p.m., 25 views

Security Bulletin: A vulnerability in Bouncy Castle affects IBM Robotic Process Automation which could allow an attacker to obtain sensitive information (CVE-2020-15522).

Summary A vulnerability in Bouncy Castle affects IBM Robotic Process Automation which could allow an attacker to obtain sensitive information. IBM Robotic Process Automation uses Bouncy Castle for encryption. This bulletin identifies the security fixes to apply to address the vulnerability...

CVSS 5.9, AI score 6.2, EPSS 0.00403
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/07 10:27 p.m., 23 views

Security Bulletin: Multiple vulnerabilities in microsoft.netcore.app affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM microsoft.netcore.app affect IBM Robotic Process Automation. The vulnerabilities exist in BrotliSharpLib which was determined to not be required by IBM Robotic Process Automation. The offending module was removed from the product. Vulnerability Details...

CVSS 7.5, AI score 7.8, EPSS 0.27092
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/07 8:9 p.m., 23 views

Security Bulletin: IBM OpenPages vulnerable to reflected Cross Site Scripting (CVE-2024-37527)

Summary A vulnerability could allow potential reflected cross-site scripting injections in IBM OpenPages through parameters used in reports. Vulnerability Details CVEID:CVE-2024-37527 DESCRIPTION: IBM OpenPages with Watson is vulnerable to cross-site scripting. This vulnerability allows an...

CVSS 5.4, AI score 6, EPSS 0.00117
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/07 4:26 p.m., 73 views

Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the following IBM i PTFs in response to CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 and CVE-2018-3639. This security bulletin has been updated, on October 16, 2018, as additional IBM i PTFs are now available to mitigate the Spectre and Meltdown vulnerabilities...

CVSS 5.6, AI score 7.4, EPSS 0.9427
Exploits: 14, Affected Software: 1
IBM Security Bulletins
added 2024/10/07 3:25 p.m., 30 views

Security Bulletin: CVE-2023-22045, CVE-2023-22049 affects IBM® SDK, Java™ Technology Edition affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition in version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. An update has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22045...

CVSS 3.7, AI score 6.3, EPSS 0.00141
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/07 3:19 p.m., 19 views

Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary SQLite SQLite3 is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the sessionReadRecord function in...

CVSS 7.3, AI score 7.7, EPSS 0.00129
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2024/10/06 6:34 p.m., 25 views

Security Bulletin: Vulnerability in Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerability in Linux Kernel. A local authenticated attacker could exploit the vulnerability to cause a denial of service condition as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details...

CVSS 4.7, AI score 6.6, EPSS 0.00009
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/04 11:53 p.m., 13 views

Security Bulletin: IBM Watson Query on IBM Cloud does not govern all of the columns of a published object

Summary IBM Watson Query on IBM Cloud integrates with IBM Knowledge Catalog IKC - formerly Watson Knowledge Catalog WKC - to enforce data protection rules on governed objects. When you publish objects from Watson Query to catalogs or projects, only the first 100 columns are registered in the...

CVSS 6.5, AI score 6, EPSS 0.00077
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/04 1:13 p.m., 43 views

Security Bulletin: IBM i is affected by several vulnerabilities (CVE-2016-2183 and CVE-2016-6329)

Summary IBM i is vulnerable to several security vulnerabilities. IBM i has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the Triple-DES on 64-bit block...

CVSS 7.5, AI score 6.8, EPSS 0.40993
Exploits: 7, Affected Software: 1
IBM Security Bulletins
added 2024/10/04 11:37 a.m., 23 views

Security Bulletin: IBM App Connect Enterprise toolkit is vulnerable to a local authenticated attacker due to the OKHttp component. (CVE-2023-0833).

Summary IBM App Connect Enterprise toolkit is vulnerable to a local authenticated attacker due to the OKHttp component. CVE-2023-0833. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-0833 DESCRIPTION: Red Hat AMQ-Streams could allow ...

CVSS 5.5, AI score 5.7, EPSS 0.00029
Exploits: 1, Affected Software: 2
IBM Security Bulletins
added 2024/10/04 11:2 a.m., 22 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact, low...

CVSS 3.7, AI score 6.2, EPSS 0.00449
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/04 9:46 a.m., 34 views

Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...

CVSS 8.1, AI score 8, EPSS 0.01187
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2024/10/04 6:44 a.m., 26 views

Security Bulletin: IBM Operational Decision Manager for Sep 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-38808...

CVSS 5.3, AI score 8.2, EPSS 0.00809
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/03 5:51 p.m., 23 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo [CVE-2023-28486]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo, caused by improper escaping terminal control characters during logging operations CVE-2023-28486. Sudo Project Sudo is included as a Base OS package used...

CVSS 5.3, AI score 6.1, EPSS 0.00136
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/03 5:50 p.m., 16 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo [CVE-2023-28487]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo, caused by improper escaping terminal control characters by the "sudoreplay -l" command CVE-2023-28487. Sudo Project Sudo is included as a Base OS package...

CVSS 5.3, AI score 6.2, EPSS 0.00136
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/03 5:48 p.m., 22 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Sudo Project Sudo [CVE-2023-42465]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Sudo Project Sudo, caused by a fault injection flaw in the stack/register variables CVE-2023-42465. Sudo Project Sudo is included as a Base OS package used by our service...

CVSS 7, AI score 6.7, EPSS 0.00004
Exploits: 1, Affected Software: 1
IBM Security Bulletins
added 2024/10/03 5:47 p.m., 42 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary command execution in OpenSSH [CVE-2023-51385]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary command execution in OpenSSH, caused by improper validation of shell metacharacters CVE-2023-51385. OpenSSH is included as a Base OS package used by our service runtimes. This vulnerability has...

CVSS 6.5, AI score 7.8, EPSS 0.18499
Exploits: 7, Affected Software: 1
IBM Security Bulletins
added 2024/10/03 5:46 p.m., 21 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl [CVE-2023-47038]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined Unicode property CVE-2023-47038. Perl is included as a Base OS package used by our service runtimes. This vulnerability ha...

CVSS 7.8, AI score 7.6, EPSS 0.00108
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/03 12:54 p.m., 45 views

Security Bulletin: IBM Sterling Control Center v6.2.x and v6.3.x are vulnerable due to IBM SDK Java Technology Edition vulnerability

Summary IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus CVE-2023-5676, CVE-2023-22081, CVE-2023-22067 affecting Sterling Control Center v6.2.x and v6.3.x. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java...

CVSS 5.9, AI score 6.3, EPSS 0.00172
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2024/10/03 12:53 p.m., 33 views

Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue

Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2022-41678. Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Apache ActiveMQ could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...

CVSS 8.8, AI score 8.8, EPSS 0.93
Exploits: 2, Affected Software: 1
Total number of security vulnerabilities: 35059