Lucene search
K

35692 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•16 views

Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to stack overflow due to improper input validation (CVE-2024-7254)

Summary protobuf java is used by IBM QRadar SIEM Amazon Web Services protocol, and has known vulnerabilities. The issues have been addressed in an update. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an arbitrary number ...

8.7CVSS6.7AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•26 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack and a race condition vulnerability due to Apache Tomcat (CVE-2024-56337, CVE-2024-52316 and CVE-2024-50379)

Summary IBM Integration Bus for z/OS is vulnerable to a remote attack and a race condition vulnerability due to Apache Tomcat. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat:...

9.8CVSS7.1AI score0.43663EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•15 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerabilitiy( CVE-2024-34158)

Summary A potential Golang Go denial of service vulnerability CVE-2024-34158 has been identified that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34158 DESCRIPTION: Golang Go is...

7.5CVSS7AI score0.01046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•13 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Protocol Buffers protobuf-go denial of service vulnerabilitiy( CVE-2024-24786)

Summary A potential denial of service vulnerability CVE-2024-24786 has been identified related to Protocol Buffers protobuf-go that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24786...

7.5CVSS6.9AI score0.01262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•14 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerabilitiy(CVE-2024-34155).

Summary A potential denial of service vulnerabilityCVE-2024-34155 has been identified related to Golang Go that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34155 DESCRIPTION: Golang ...

4.3CVSS7.1AI score0.00839EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•24 views

Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-53677)

Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI WebGUI as part of its web client component. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some...

9.8CVSS7.1AI score0.78198EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•12 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerabilitiy(CVE-2024-34156)

Summary A potential Golang Go denial of service vulnerability CVE-2024-34156 has been identified that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-34156 DESCRIPTION: Golang Go is...

7.5CVSS7.1AI score0.01127EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•19 views

Security Bulletin: Denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2024-40094)

Summary There is a vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty shipped with IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by...

5.3CVSS6.7AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•16 views

Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores

Summary A potential denial of service vulnerability CVE-2024-399088 has been identified related to Ruby REXML that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: A...

7.5CVSS7.1AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•17 views

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2024-40094).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2024-40094. An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka...

5.3CVSS7AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•15 views

Security Bulletin: Vulnerability in Ruby REXML (CVE-2024-39908) affects IBM Watson CP4D Data Stores

Summary A potential denial of service vulnerability CVE-2024-399088 has been identified related to Ruby REXML that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: A...

7.5CVSS7.1AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•12 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to bypassing security restrictions [CVE-2024-47764]

Summary Node.js module cookie is used by IBM App Connect Enterprise Certified Container for parsing HTTP cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability ...

6.9CVSS6.8AI score0.00749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•25 views

Security Bulletin: A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation and may lead to a denial of service (CVE-2024-7254)

Summary A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation and may lead to a denial of service CVE-2024-7254. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin identifie...

8.7CVSS7.6AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•12 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-45086)

Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

5.5CVSS6.9AI score0.0044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•12 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52303 aiohttp-3.10.9-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Publicly disclosed vulnerability found by Mend) CVE-2024-52303

Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-52303 aiohttp-3.10.9-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl Publicly disclosed vulnerability found by Mend CVE-2024-52303. This bulletin contains information regarding the vulnerability and its...

8.7CVSS6.5AI score0.00563EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•18 views

Security Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47535 (Medium) detected in netty-common-4.1.114.Final.jar (Publicly disclosed vulnerability found by Mend) CVE-2024-47535

Summary ISecurity Bulletin: IBM Maximo Application Suite Ai-Broker Component uses CVE-2024-47535 Medium detected in netty-common-4.1.114.Final.jar Publicly disclosed vulnerability found by Mend CVE-2024-47535. This bulletin contains information regarding the vulnerability and its fixture...

5.5CVSS6.2AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•11 views

Security Bulletin: IBM Rational Developer for i is vulnerable to a buffer overflow attack (CVE-2024-47072)

Summary IBM Rational Developer for i contains functionality that is affected by the following issue. CVE-2024-47072 is a denial of service attack in the Debugger XML profile serialization function. This bulletin identifies the steps to take to address this vulnerability as described in the...

7.5CVSS7.4AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•14 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to non-integer values mishandles due to nanoid (CVE-2024-55565)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Runtime are vulnerable to non-integer value mishandles due to nanoid. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano I...

4.3CVSS6.2AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•15 views

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2024-21208, CVE-2024-27267)

Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2024-27267 DESCRIPTION: The Object Request Broker ORB in IBM SDK, Java Technology Edition 7.1.0.0 through...

5.9CVSS6AI score0.01018EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•12 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses CVE-2024-5206 (Medium) detected in scikit_learn-1.1.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206

Summary IBM Maximo Application Suite Predict Component uses CVE-2024-5206 Medium detected in scikitlearn-1.1.3-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2024-5206. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

4.7CVSS5.9AI score0.00187EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•16 views

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-40094).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2024-40094. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka...

5.3CVSS7AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:51 p.m.•16 views

Security Bulletin: There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-40094)

Summary There is a vulnerability in GraphQL Java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly consider...

5.3CVSS6.7AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 9:40 p.m.•15 views

Security Bulletin: There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2024-40094).

Summary There is a Denial of Service vulnerability in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms CVE-2024-40094. An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION:...

5.3CVSS5.5AI score0.00943EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 6:9 p.m.•12 views

Security Bulletin: IBM Edge Application Manager is vulnerable to an authorization bypass.

Summary IBM Edge Application Manager is vulnerable to an authorization bypass CVE-2024-45337. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentatio...

9.1CVSS6.7AI score0.03153EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/28 3:8 a.m.•8 views

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty may affect IBM SPSS Analytic Server

Summary Multiple vulnerabilities in WebSphere Application Server Liberty may affect IBM SPSS Analytic Server CVE-2024-7254, CVE-2023-50314 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

8.7CVSS6.3AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/27 6:19 p.m.•29 views

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® Semuru Runtime used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit...

5.3CVSS7.8AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/27 6:19 p.m.•36 views

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM Tivoli Netcool Impact

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Netcool Impact. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerabili...

5.3CVSS5.9AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/27 6:19 p.m.•20 views

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® Semuru Runtime used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...

7.5CVSS6.6AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/27 6:19 p.m.•28 views

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® Semuru Runtime used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow...

7.3CVSS7.1AI score0.01276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/27 3:53 p.m.•20 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server

Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-51471, CVE-2024-51470, CVE-2024-52898, CVE-2024-52897, CVE-2024-52896 Vulnerability Details Refer to the security bulletins...

6.5CVSS7.3AI score0.00655EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/27 2:32 p.m.•29 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor CVE-2024-52798, CVE-2024-47764, CVE-2024-21538, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...

8.7CVSS6.8AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/27 2:30 p.m.•24 views

Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2024-52798, CVE-2024-21538, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917, CVE-2024-47764. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION:...

8.7CVSS6.8AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/27 9:4 a.m.•18 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 288 Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0...

5.9CVSS7.6AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 7:17 p.m.•25 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

Summary BM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include a remote attacker or local authenticated attacker could exploit these vulnerabilities to cause a denial of service condition as described by the CVEs in the "Vulnerability Details"...

7.8CVSS7.8AI score0.00317EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 7:16 p.m.•28 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Linux Kernel. Vulnerabilities include an authenticated or local attacker or local authenticated attacker could exploit these vulnerabilities to execute arbitrary code on the system, to cause a denial of service...

7.8CVSS8.8AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 7:15 p.m.•14 views

Security Bulletin: Vulnerability in HSQLDB might affect IBM Storage Copy Data Management.

Summary IBM Storage Copy Data Management can be affected by vulnerability in HSQLDB. An attacker could exploit this vulnerability to execute arbitrary code on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-41853 DESCRIPTION: HSQLDB...

9.8CVSS7.9AI score0.03519EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 7:14 p.m.•31 views

Security Bulletin: Vulnerabilities in JSON-java, Hutool and Jettison might affect IBM Storage Copy Data Management.

Summary IIBM Storage Copy Data Management can be affected by vulnerabilities in JSON-java, Hutool and Jettison . Vulnerabilities include a remote attacker could exploit these vulnerabilities to cause a denial of service as described by the CVEs in the "Vulnerability Details" section. Vulnerabilit...

7.5CVSS7.5AI score0.01449EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 7:13 p.m.•15 views

Security Bulletin: Vulnerabilities in Snappy, OpenSSL and cURL libcurl might affect IBM Storage Copy Data Management.

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Snappy, OpenSSL and cURL libcurl. An attacker, a local attacker or a remote attacker could exploit these vulnerabilities to cause JVM to crash, to cause a crash or memory contents to be sent to the peer, to bypass...

9.1CVSS7.6AI score0.36081EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 7:11 p.m.•36 views

Security Bulletin: Vulnerabilities in Apache Commons Collections, Apache Synapse, Oracle WebLogic Server, MuleSoft and Red Hat JBoss might affect IBM Storage Copy Data Management.

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Apache Commons Colections, Apache Synapse, Oracle WebLogic Server, MuleSoft and Red Hat JBoss. Vulnerabilities include an attacker could exploit these vulnerabilities to execute arbitrary code on the system, allow remo...

10CVSS8.2AI score0.96032EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 7:9 p.m.•10 views

Security Bulletin: Vulnerability in OrientDB might affect IBM Storage Copy Data Management.

Summary IBM Storage Copy Data Management can be affected by a vulnerability in OrientDB. An attacker could exploit this vulnerability to execute arbitrary OS commands on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2017-11467...

10CVSS8.1AI score0.73071EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 5:29 p.m.•19 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in tomcat-embed-core

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of tomcat-embed-core Vulnerability Details CVEID:CVE-2024-52316 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by a flaw when using a custom Jakarta Authenticati...

9.8CVSS7.7AI score0.23072EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 5:27 p.m.•15 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF Vulnerability Details CVEID:CVE-2024-7006 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference flaw tifdirinfo.c. By sending a specially crafted request, a...

7.5CVSS7AI score0.01516EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 5:26 p.m.•18 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in express-4.19.2.tgz

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of express-4.19.2.tgz Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker coul...

5CVSS7.1AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 5:25 p.m.•11 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of XStream. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted...

7.5CVSS7.7AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 5:18 p.m.•13 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Hibernate Validator

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Hibernate Validator. Vulnerability Details CVEID:CVE-2023-1932 DESCRIPTION: Hibernate Validator is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...

6.1CVSS7.1AI score0.00452EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 5:15 p.m.•21 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty Common

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Netty Common Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers...

5.5CVSS6.5AI score0.01044EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 5:14 p.m.•14 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in zookeeper

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of zookeeper Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling...

5.3CVSS6AI score0.00246EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/24 5:5 p.m.•28 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM SDK

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM SDK Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...

7.4CVSS6.8AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/23 9:33 p.m.•31 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.3.6.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rexml-3.3.6.gem . Vulnerability Details CVEID:CVE-2024-49761 DESCRIPTION: REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits...

8.7CVSS6.4AI score0.01429EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/01/23 9:32 p.m.•17 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in cookie

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of cookie Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: jshttp cookie could allow a remote attacker to bypass security restrictions, caused by improper input validation by the cookie name, path, and...

6.9CVSS6.6AI score0.00749EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35692