Lucene search
K

35692 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•13 views

Security Bulletin: Vulnerability in Async ( CVE-2024-39249) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential denial of service vulnerability CVE-2024-392498 has been identified related to Async that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-39249...

7.5CVSS6.8AI score0.00812EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•29 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL (CVE-2024-6119, CVE-2024-5535)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL CVE-2024-6119, CVE-2024-5535 Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients...

9.1CVSS7AI score0.66594EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•35 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn(CVE-2024-21538)

Summary IBM App Connect Enterprise is vulnerable to Regular Expression Denial of Service ReDoS due to cross-spawn. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper...

8.7CVSS6.3AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•15 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang golang-fips/openssl denial of service vulnerabilitiy( CVE-2024-1394 )

Summary Potential Golang golang-fips/openssl denial of service vulnerabilitiy CVE-2024-1394 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-1394 DESCRIPTION:...

7.5CVSS7.8AI score0.01533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•14 views

Security Bulletin: IBM Master Data Management is vulnerable to cross-site scripting from vulnerability found in IBM WebSphere Application Server (CVE-2024-45071)

Summary IBM Master Data Management version 11.6, 12.0, and 14.0 are impacted by this vulnerability. IBM WebSphere Application Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intende...

5.5CVSS5.7AI score0.00237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•40 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Tomcat (CVE-2024-50379)

Summary IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Tomcat Vulnerability Details CVEID:CVE-2024-50379 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems...

9.8CVSS6.7AI score0.43663EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•22 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Envoy Proxy Envoy denial of service vulnerabilitiy(CVE-2024-30255)

Summary Potential Envoy Proxy Envoy denial of service vulnerabilitiyCVE-2024-30255 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-30255 DESCRIPTION: Envoy Pro...

7.5CVSS6.8AI score0.8781EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•22 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)

Summary There is a vulnerability in the Google Protocol Buffers protobuf library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google Protocol Buffers a.k.a., protobuf is vulnerable to a...

8.7CVSS7.2AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js braces module denial of service vulnerability [ CVE-2024-4068]

Summary Potential Node.js braces module denial of service vulnerability CVE-2024-4068 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-40...

7.5CVSS7.4AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: XML External Entity Injection attack in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-22354).

Summary IBM Storage Protect Operations Center may be affected by loss of confidentiality, availability and integrity of host system caused by XML External Entity Injection XXE attack in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere...

7CVSS6.5AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•15 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in GNU Emacs [CVE-2024-39331]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in GNU Emacs, caused by a code injection flaw in org-link-expand-abbrev in lisp/ol.el CVE-2024-39331. GNU Emacs is used by our Speech Service runtimes. This vulnerabilitiy has been...

9.8CVSS7.8AI score0.01323EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•14 views

Security Bulletin: IBM Maximo Application Suite: Jinja2-3.1.3-py3-none is vulnerable to CVE-2024-34064 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses Jinja2-3.1.3-py3-none which is vulnerable to CVE-2024-34064 Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys containing non-attribute characters by...

5.4CVSS6.5AI score0.00979EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service vulnerability in Node.js ws module [ CVE-2024-37890]

Summary Potential denial of service vulnerability in Node.js ws module CVE-2024-37890 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

7.5CVSS7.5AI score0.01357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•10 views

Security Bulletin: Vulnerability in Python Software Foundation Black ( CVE-2024-21503) may affect IBM watsonx Assistant for IBM Cloud Pak for Data

Summary A potential denial of service vulnerability CVE-2024-21503 has been identified related to Python Software Foundation Black that may affect IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

5.3CVSS6.5AI score0.00971EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•16 views

Security Bulletin: IBM Maximo Application Suite: djangorestframework-3.15.1-py3-none-any.whl is vulnerable to CVE-2024-21520 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses djangorestframework-3.15.1-py3-none-any.whl which is vulnerable to CVE-2024-21520 Vulnerability Details CVEID:CVE-2024-21520 DESCRIPTION: Encode Django REST framework is vulnerable to cross-site scripting, caused by improper validati...

6.1CVSS6.6AI score0.01133EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•10 views

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-7254).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2024-7254. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Google Protocol Buffers...

8.7CVSS7.4AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•13 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43800)

Summary There is a vulnerability in expressjs serve-static used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: expressjs serve-static is...

5CVSS6.8AI score0.00595EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•25 views

Security Bulletin: Due to use of Node.js IBM DataPower Gateway vulnerable to denial of service (CVE-2024-45590)

Summary Node.js is used by IBM DataPower Gateway as part of the user interface. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending a specially crafted payload, a remote...

7.5CVSS6.5AI score0.00824EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•16 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch [CVE-2024-31583]

Summary IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch, caused by a use-after-free flaw in the torch/csrc/jit/mobile/interpreter.cpp component. CVE-2024-31583. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please re...

7.8CVSS6.6AI score0.00266EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•15 views

Security Bulletin: Vulnerable version of path-regexp shipped with IBM Business Automation Workflow - CVE-2024-45296

Summary IBM Business Automation Workflow packages a vulnerable version of path-to-regex in IBM Business Automation Workflow Configuration Editor and the most recent version of Process Admin Console. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a...

7.5CVSS7.1AI score0.00932EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•29 views

Security Bulletin: IBM MQ for HPE NonStop Server is vulnerable to a denial of service attack (CVE-2024-51470)

Summary IBM MQ for HPE NonStop Server has addressed a denial of service vulnerability CVE-2024-51470. Vulnerability Details CVEID:CVE-2024-51470 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. CWE:CWE-754: Improper Che...

6.5CVSS6.8AI score0.00655EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•19 views

Security Bulletin:Psf Requests Vulnerability Affects IBM Data Observability by Databand Self-Hosted (CVE-2024-35195)

Summary A vulnerability in Psf Requests was addressed in IBM Data Observability by Databand Self-Hosted Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security restrictions, caused by an incorrect control flow implementati...

5.6CVSS6AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•32 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to server-side request forgery CVE-2024-39573

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-39573 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in the modrewrite. By sending a specially...

7.5CVSS6.2AI score0.35447EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•21 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes ingress-nginx (CVE-2024-7646)

Summary A vulnerability in Kubernetes ingress-nginx that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-7646 DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an...

8.8CVSS7.4AI score0.27018EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•34 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to spring-webmvc-6.1.12 (CVE-2024-38816)

Summary IBM Sterling Connect:Direct Web Services uses spring webmvc jar, Spring Security could allow a remote attacker to obtain sensitive information, caused by a path traversal attack in applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux...

7.5CVSS6.3AI score0.14718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable due to Axios vulnerability (CVE-2024-39338)

Summary IBM Sterling External Authentication Server SEAS uses Axios, which is vulnerable to Server-side Request Forgery SSRF. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get...

7.5CVSS6.3AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•40 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43799)

Summary There is a vulnerability in pillarjs send used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site...

5CVSS6.8AI score0.00511EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting (CVE-2024-45073)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

4.8CVSS4.9AI score0.00233EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•11 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in libexpat [CVE-2024-45492]

Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in libexpat, caused by an integer overflow in the nextScaffoldPart function in xmlparse.c. CVE-2024-45492. libexpat is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read...

9.8CVSS7.4AI score0.01393EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•19 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting (CVE-2024-45073)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

4.8CVSS4.8AI score0.00233EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•10 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to cross-site scripting (CVE-2024-43796)

Summary There is a vulnerability in expressjs express used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to...

5CVSS6.8AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•22 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Framework (CVE-2024-38808)

Summary A vulnerability in VMware Tanzu Spring Framework that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a...

4.3CVSS6.7AI score0.00536EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•19 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to stored cross-site scripting (CVE-2024-45073)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

4.8CVSS6.2AI score0.00233EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•14 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to stored cross-site scripting (CVE-2024-45071)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

5.5CVSS6.2AI score0.00237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•28 views

Security Bulletin: Vulnerability in libexpat affects IBM Cloud Pak System[CVE-2024-45490]

Summary Vulnerability in libexpat affects IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45490 DESCRIPTION: libexpat could provide weaker than expected security, caused by the failure to reject a negative length for XMLParseBuffer. By providing a negative length value to the...

7.5CVSS6.5AI score0.01686EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•16 views

Security Bulletin: Vulnerability in OpenSSL affect Cloud Pak System[CVE-2024-0727]

Summary Vulnerability identified in OpenSSL affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially crafted PKCS12 file, a remote attacker could...

5.5CVSS6.7AI score0.03174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•132 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-6119) due to OpenSSL

Summary Vulnerability in OpenSSL could allow a remote attacker to cause a denial of service CVE-2024-6119. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error...

7.5CVSS7.6AI score0.66594EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•15 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security weakness in GNU Emacs [CVE-2024-39331]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security weakness in GNU Emacs, caused by a code injection flaw in org-link-expand-abbrev in lisp/ol.el CVE-2024-39331. GNU Emacs is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the details...

9.8CVSS7.3AI score0.01323EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•20 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-context-6.1.13.jar which is vulnerable to this CVE-2024-38820

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker Component component uses spring-context-6.1.13.jar which is vulnerable to this CVE-2024-38820. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION...

5.3CVSS6AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•34 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a remote attacker to bypass security restrictions CVE-2024-38473

Summary Apache HTTP Server is used by the IBM Datapower Operations Dashboard implementation of network operations Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in modproxy. By...

8.1CVSS6.7AI score0.25878EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 10:8 p.m.•36 views

Security Bulletin: Vulnerability in Apache HTTP Server (CVE-2024-38473) affects Power HMC.

Summary The Apache HTTP Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Apache HTTP Server could allow a remote attacker to bypass security restrictions, caused by an encoding flaw in...

8.1CVSS6.7AI score0.25878EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•13 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52304 aiohttp-3.10.2-cp310-cp310-macosx_10_9_universal2.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-52304

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52304 aiohttp-3.10.2-cp310-cp310-macosx109universal2.whl Publicly disclosed vulnerability found by Mend CVE-2024-52304. This bulletin contains information regarding the vulnerability and its fixture...

7.5CVSS6.4AI score0.00576EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•16 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers (CVE-2024-7254)

Summary There is a vulnerability in the Google Protocol Buffers protobuf library used by IBM WebSphere Application Server Liberty with the grpc-1.0 or grpcClient-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in...

8.7CVSS6.4AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•26 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to backtracking due to path-to-regexp (CVE-2024-52798)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to backtracking due to path-to-regexp. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions...

8.7CVSS6.3AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•12 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable toCVE-2024-7254

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers which is vulnerable toCVE-2024-7254. This bulletin contains information regarding the vulnerability and its...

8.7CVSS6.5AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•7 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2024-6119)

Summary IBM Security SOAR uses an older version of the Python cryptography/openssl library which has a known vulnerability. An update has been released which address this issue. It is recommended upgrading to Version 51.0.4.1 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2024-611...

7.5CVSS8AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•25 views

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to security restrictions being bypassed (CVE-2024-52316).

Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to security restrictions being bypassed CVE-2024-52316. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2024-52316 DESCRIPTION: Apache Tomcat could allow a...

9.8CVSS6.7AI score0.06287EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•14 views

Security Bulletin: Vulnerability in Elastic Elasticsearch ( CVE-2024-23444) affects IBM Watson CP4D Data Stores

Summary A potential information disclosure vulnerability CVE-2024-23444 has been identified related to Elastic Elasticsearch that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-23444...

7.5CVSS6AI score0.00206EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•11 views

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities (CVE-2024-47764)

Summary IBM Security SOAR uses an older version of the jshttp cookie UI component that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.4.1 or later of IBM Security SOAR. Vulnerability Details...

6.9CVSS6.9AI score0.00749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•26 views

Security Bulletin: There is a vulnerability in kafka-clients-3.6.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-31141)

Summary There is a vulnerability in kafka-clients-3.6.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow a local authenticated attacker to gain elevated privileges on the system, caused by a...

6.5CVSS6.4AI score0.01129EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35692