Lucene search
K

35680 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.25 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js braces module denial of service vulnerability [ CVE-2024-4068]

Summary Potential Node.js braces module denial of service vulnerability CVE-2024-4068 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40...

7.5CVSS7.4AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.22 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Operations Center (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264).

Summary IBM Storage Protect Operations Center may be impacted by multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8, potentially leading to a loss of availability and integrity of the host system. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified...

7.5CVSS7AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.14 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

5.5CVSS6.2AI score0.00237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.19 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting (CVE-2024-45073)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

4.8CVSS4.8AI score0.00233EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.17 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

5.5CVSS5.3AI score0.00237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.19 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is vulnerable to HTML injection (CVE-2024-51472)

Summary IBM DevOps Deploy / IBM UrbanCode Deploy UCD is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. Vulnerability Details CVEID:CVE-2024-51472 DESCRIPTION: IBM DevOps Deploy /...

3.1CVSS6.4AI score0.00244EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.22 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

5.5CVSS5.2AI score0.00237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.20 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting (CVE-2024-45073)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

4.8CVSS4.9AI score0.00233EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.19 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to stored cross-site scripting (CVE-2024-45073)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

4.8CVSS6.2AI score0.00233EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.18 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch [CVE-2024-31580]

Summary IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch, caused by a heap-based buffer overflow in the /runtime/varargfunctions.cpp component CVE-2024-31580. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read...

4CVSS7.1AI score0.00223EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.16 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting (CVE-2024-45087)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

4.8CVSS4.9AI score0.00238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.34 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to spring-webmvc-6.1.12 (CVE-2024-38816)

Summary IBM Sterling Connect:Direct Web Services uses spring webmvc jar, Spring Security could allow a remote attacker to obtain sensitive information, caused by a path traversal attack in applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux...

7.5CVSS6.3AI score0.14718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.25 views

Security Bulletin: Due to use of Node.js IBM DataPower Gateway vulnerable to denial of service (CVE-2024-45590)

Summary Node.js is used by IBM DataPower Gateway as part of the user interface. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote...

7.5CVSS6.5AI score0.00824EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.16 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting (CVE-2024-45087)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

4.8CVSS5AI score0.00238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.13 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43800)

Summary There is a vulnerability in expressjs serve-static used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is...

5CVSS6.8AI score0.00595EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.13 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to server-side request (CVE-2024-39338)

Summary There is a vulnerability in Axios used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery...

7.5CVSS6.4AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.10 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43796)

Summary There is a vulnerability in expressjs express used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to...

5CVSS6.8AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.11 views

Security Bulletin: Apache Commons IO used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2024-47554)

Summary The Apache Commons IO used by Identity Insight is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class. By sending a specially crafted input, a remote attacker could exploit this vulnerability to...

4.3CVSS7.2AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.15 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

7.5CVSS6.6AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.29 views

Security Bulletin: IBM MQ for HPE NonStop Server is vulnerable to a denial of service attack (CVE-2024-51470)

Summary IBM MQ for HPE NonStop Server has addressed a denial of service vulnerability CVE-2024-51470. Vulnerability Details CVEID:CVE-2024-51470 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. CWE:CWE-754: Improper Che...

6.5CVSS6.8AI score0.00655EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.22 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Framework (CVE-2024-38808)

Summary A vulnerability in VMware Tanzu Spring Framework that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...

4.3CVSS6.7AI score0.00536EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.16 views

Security Bulletin: Vulnerability in GNU glibc affects IBM Integrated Analytics System [CVE-2024-33601]

Summary Redhat provided GNU glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-33601 Vulnerability Details CVEID:CVE-2024-33601 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory allocation failure...

7.3CVSS6.3AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.21 views

Security Bulletin: Vulnerability in GNU glibc affects IBM Integrated Analytics System [CVE-2024-2961]

Summary Redhat provided GNU glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-2961 Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system,...

7.3CVSS7.8AI score0.8833EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.16 views

Security Bulletin: IBM MQ Appliance Console is affected by a password disclosure vulnerability (CVE-2024-52896)

Summary IBM MQ Appliance has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-52896 DESCRIPTION: IBM MQ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned...

6.2CVSS6.3AI score0.0027EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.26 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service (CVE-2024-45085)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS7.4AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.75 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to jsonpath-plus (CVE-2024-21534)

Summary IBM App Connect Enterprise Connector Discovery is vulnerable to a remote attack due to jsonpath-plus. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could allow a remote attacker to execute arbitrary code on the system, caused by improper input sanitization and unsa...

9.8CVSS7.3AI score0.09076EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.16 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting (CVE-2024-45087)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

4.8CVSS4.9AI score0.00238EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.23 views

Security Bulletin: Vulnerability in idna  ( CVE-2024-3651) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential denial of service vulnerability CVE-2024-3651 has been identified related to idna that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-3651...

7.5CVSS6.2AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.17 views

Security Bulletin: BM SPSS Collaboration and Deployment Services is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM WebSphere Application Server Liberty that is embedded in IBM SPSS Collaboration and Deployment Services is vulnerable to an XML External Entity XXE injection vulnerability Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products a...

7CVSS6.6AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.18 views

Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-46696, CVE-2024-46697]

Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-46696, CVE-2024-46697 Vulnerability Details CVEID:CVE-2024-46696 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a...

7.8CVSS6.2AI score0.00215EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.19 views

Security Bulletin: IBM DataPower Operator vulnerable to DoS due to use of Go (CVE-2024-34155, CVE-2024-34156)

Summary The affected calls are used by DataPower Operator for processing messages exchanged with Kubernetes and IBM DataPower Gateway. Vulnerability Details CVEID:CVE-2024-34156 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a stack exhaustion in Decoder.Decode. By sending...

7.5CVSS7.3AI score0.01127EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.27 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure under specific conditions (CVE-2024-40679)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. Vulnerability Details CVEID:CVE-2024-40679 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to an...

5.5CVSS6AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.18 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45072)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to an XML External Entity Injection XXE in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

5.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.15 views

Security Bulletin: IBM Match 360 is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM Match 360 is vulnerable to an XML External Entity XXE injection because of a vulnerable found in IBM Websphere Application Server Liberty. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...

7CVSS6.9AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.31 views

Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to OpenSSH vulnerability CVE-2024-6387

Summary IBM Db2 Big SQL on Cloud Pak for Data embeds a variant of the IBM Db2 database server that runs in MPP mode. For MPP functionality such as scale-out, internally the server uses the secure shell SSH protocol for inter-pod communication. SSH protocol is not exposed to external users or...

8.1CVSS8.2AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.29 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Elastic Elasticsearch denial of service vulnerabilitiy.( CVE-2024-23450)

Summary Potential Elastic Elasticsearch denial of service vulnerabilitiy. CVE-2024-23450 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-23450 DESCRIPTION:...

7.5CVSS6.4AI score0.00943EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.22 views

Security Bulletin: IBM InfoSphere Information Server is affected by an XXE vulnerability in IBM WebSphere Application Server Liberty (CVE-2024-22354)

Summary An XML External Entity Injection XXE vulnerability in IBM WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application...

7CVSS6.6AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.16 views

Security Bulletin: Vulnerabilities in Apache Commons IO library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-47554)

Summary Apache Commons IO library is used by Tivoli Netcool/OMNIbus WebGUI as part of Apache POI dependency for Seasonal Event Graphs export feature. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource...

4.3CVSS7AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.40 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43799)

Summary There is a vulnerability in pillarjs send used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site...

5CVSS6.8AI score0.00511EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.20 views

Security Bulletin: Vulnerability in idna  ( CVE-2024-3651) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential denial of service vulnerability CVE-2024-3651 has been identified related to idna that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-3651...

7.5CVSS6.2AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.15 views

Security Bulletin: IBM Master Data Management is vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server (CVE-2024-45072)

Summary IBM Master Data Management v11.6, v12.0, and v14.0 are vulnerable to an XXE attack from a vulnerability found in IBM WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A privileged user coul...

5.5CVSS6.3AI score0.00439EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.14 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an XML External Entity Injection (XXE) vulnerability (CVE-2024-45086)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to an XML External Entity Injection XXE vulnerability in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Produc...

5.5CVSS7AI score0.0044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.18 views

Security Bulletin: Financial Transaction Manager v4 is impacted by a denial of service(DoS) vulnerability in WebSphere Liberty (CVE-2024-25026)

Summary IBM WebSphere Application Server Liberty is bundled with Financial Transaction Manager. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of...

7.5CVSS6.5AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.13 views

Security Bulletin: Vulnerability in Async ( CVE-2024-39249) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential denial of service vulnerability CVE-2024-392498 has been identified related to Async that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-39249...

7.5CVSS6.8AI score0.00812EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.10 views

Security Bulletin: Vulnerability in tqdm ( CVE-2024-34062) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential arbitrary code execution vulnerability CVE-2024-34062 has been identified related to tqdm that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

4.8CVSS7.5AI score0.00432EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.13 views

Security Bulletin: Platform UI and Automation Assets in IBM Cloud Pak for Integration are vulnerable to cross-site scripting due to Webpack and Rspack CVE-2024-43788

Summary Platform UI and Automation Assets in IBM Cloud Pak for Integration are vulnerable to cross-site scripting due to Webpack and Rspack CVE-2024-43788 with details below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-43788 DESCRIPTION: Webpack and Rspack are...

6.4CVSS6.2AI score0.00897EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.14 views

Security Bulletin: IBM Maximo Application Suite: Jinja2-3.1.3-py3-none is vulnerable to CVE-2024-34064 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses Jinja2-3.1.3-py3-none which is vulnerable to CVE-2024-34064 Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys containing non-attribute characters by...

5.4CVSS6.5AI score0.00979EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.15 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras [CVE-2024-3660]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras, caused by a code injection flaw CVE-2024-3660. TensorFlow Keras is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the...

9.8CVSS7.8AI score0.01745EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.19 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to SAP My Travel Requests privilege excalation vulnerability [ CVE-2024-32731]

Summary Potential SAP My Travel Requests privilege excalation vulnerability CVE-2024-32731 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

5.5CVSS6.8AI score0.00363EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.32 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Denial of Service Vulnerability in Jetty (CVE-2024-8184)

Summary Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the ThreadLimitHandler.getRemote function. By sending specially crafted requests, a remote attacker could exploit this vulnerability to exhaust the server memory and results in a denial of service...

6.5CVSS6.4AI score0.01037EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35680