Security Bulletin: Vulnerability in Linux Kernel could affect IBM Storage Copy Data Management
Summary IBM Storage Copy Data Management can be affected by a vulnerability in Linux Kernel. An attacker could exploit this vulnerability to cause the wrong portion of the block buffer to be read or a denial of service as described by the CVE in the "Vulnerability Details" section. Vulnerability...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to expose sensitive information due to RubyGems activesupport (CVE-2023-38037)
Summary RubyGems activesupport is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-38037. Vulnerability Details CVEID:CVE-2023-38037 DESCRIPTION: RubyGems activesupport gem could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to a variety of issues due to 3rd party software
Summary Various 3rd party software packages are used by the underlying platform of IBM Cloud Pak for Data. These packages are used for the building of binaries, installation of software and within the provided services. The fixed CVEs are listed below. Vulnerability Details CVEID:CVE-2022-23806...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-39463]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-39463 Vulnerability Details CVEID:CVE-2024-39463 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-4304, CVE-2023-0215, CVE-2023-0286]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-2068]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-2068 Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caus...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to GNOME GLib, libcurl and kerberos 5
Summary GNOME GLib, libcurl and kerberos 5 used by IBM MQ Operator and Queue Manager container images are vulnerable to spoofing attacks, denial of service due to improper memory allocation, and privilege escalation which may lead to bypassing security restrictions. This bulletin identifies the...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2021-3999]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-3999 Vulnerability Details CVEID:CVE-2021-3999 DESCRIPTION: GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by imprope...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2022-23219]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-23219 Vulnerability Details CVEID:CVE-2022-23219 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based buffer overflow, caused by...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2022-23218]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-23218 Vulnerability Details CVEID:CVE-2022-23218 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based buffer overflow, caused by...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2021-35942]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-35942 Vulnerability Details CVEID:CVE-2021-35942 DESCRIPTION: GNU C Library aka glibc could allow a local attacker to obtain sensitive information,...
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2021-3518]
Summary Redhat provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-3518 Vulnerability Details CVEID:CVE-2021-3518 DESCRIPTION: GNOME libxml2 could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2021-3516]
Summary Redhat provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-3516 Vulnerability Details CVEID:CVE-2021-3516 DESCRIPTION: libxml2 could allow a remote attacker to execute arbitrary code on the system, caused b...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2021-27218, CVE-2021-27219]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-27218, CVE-2021-27219 Vulnerability Details CVEID:CVE-2021-27218 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by an error whe...
Security Bulletin: IBM Cognos Transformer is affected by vulnerabilities in IBM® Java™
Summary Vulnerabilities in IBM® Java™ Version 8 that is consumed by IBM Cognos Transformer have been addressed. Please refer to the table in the Related Information section for vulnerability impact. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: IBM DevOps Build addresses denial of service vulnerability caused by a flaw in processing HTTP/2 stream.
Summary IBM DevOps Build 7.0.0.3 addresses denial of service vulnerability caused by a flaw in processing HTTP/2 stream. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a flaw when processing an HTTP/2 stream. By sending...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-40975]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-40975 Vulnerability Details CVEID:CVE-2024-40975 DESCRIPTION: Linux Kernel could provide weaker than expected security, caused by unregister devices ...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-27060]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-27060 Vulnerability Details CVEID:CVE-2024-27060 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a null pointer dereference...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2024-6119]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-6119 Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing...
Security Bulletin: Vulnerability in linux affects IBM Integrated Analytics System [CVE-2024-27050]
Summary Redhat provided linux is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2024-27050 Vulnerability Details CVEID:CVE-2024-27050 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by not using OPTSSET macro in...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2023-6129]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-6129 Vulnerability Details CVEID:CVE-2023-6129 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the POLY1305 MAC...
Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26553]
Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26553 Vulnerability Details CVEID:CVE-2023-26553 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...
Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26551]
Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26551 Vulnerability Details CVEID:CVE-2023-26551 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...
Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26554]
Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26554 Vulnerability Details CVEID:CVE-2023-26554 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...
Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26552]
Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26552 Vulnerability Details CVEID:CVE-2023-26552 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2023-5156]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-5156 Vulnerability Details CVEID:CVE-2023-5156 DESCRIPTION: GNU C Library glibc is vulnerable to a denial of service, caused by a memory leak in...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2023-4806]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-4806 Vulnerability Details CVEID:CVE-2023-4806 DESCRIPTION: GNU glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2023-4813]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-4813 Vulnerability Details CVEID:CVE-2023-4813 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the gaihin...
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2023-39615]
Summary Redhat provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-39615 Vulnerability Details CVEID:CVE-2023-39615 DESCRIPTION: Xmlsoft Libxml2 is vulnerable to a denial of service, caused by a global buffer...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-3358]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-3358 Vulnerability Details CVEID:CVE-2022-3358 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the...
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2022-23308]
Summary Redhat provided libxml2 is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-23308 Vulnerability Details CVEID:CVE-2022-23308 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by a use-after-free in the ID an...
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2021-25219]
Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-25219 Vulnerability Details CVEID:CVE-2021-25219 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw in response processing. ...
Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 281 Vulnerability Details CVEID:CVE-2023-38545 DESCRIPTION: libcurl and cURL are vulnerable to a heap-based buffer overflow, caused by the improper handling of hostnames...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2021-33574]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2021-33574 Vulnerability Details CVEID:CVE-2021-33574 DESCRIPTION: GNU C Library aka glibc is vulnerable to a denial of service, caused by a use-after-fre...
Security Bulletin: Vulnerability in glibc affects IBM Integrated Analytics System [CVE-2020-27618]
Summary Redhat provided glibc is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2020-27618 Vulnerability Details CVEID:CVE-2020-27618 DESCRIPTION: GNU C Library aka glibc or libc6 is vulnerable to a denial of service, caused by an err...
Security Bulletin: IBM App Connect Enterprise are vulnerable to a denial of service due to node.js expressjs body-parser module. (CVE-2024-45590)
Summary IBM App Connect Enterprise are vulnerable to a denial of service due to node.js expressjs body-parser module. CVE-2024-45590. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerabl...
Security Bulletin: The Discovery Connector nodes in IBM App Connect Enterprise are vulnerable to a denial of service due to node.js micromatch module (CVE-2024-4067).
Summary The Discovery Connector nodes in IBM App Connect Enterprise are vulnerable to a denial of service due to node.js micromatch module CVE-2024-4067. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to this CVE-2024-39689
Summary IBM Maximo Application Suite - Predict Component component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to this CVE-2024-39689 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of...
Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.5 IF3 has addressed the applicable CVEs by upgrading to IBM® Semeru Java™ Version 11.0.24.0. Additionally, IBM Cognos Command Center has addressed a vulnerability th...
Security Bulletin: Vulnerability in Python affects IBM watsonx.data
Summary Requests have been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuildproxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent through the tunnel, the proxy will identify...
Security Bulletin: Vulnerabilities in gRPC affect watsonx.data
Summary gRPC is vulnerable to a denial of service attack as well as possibly allowing a remote attacker to obtain sensitive information. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-1428 DESCRIPTION: gRPC is vulnerable to a denial of service. By sending a specially crafted...
Security Bulletin: Vulnerabilities in Google Protocol Buffers affect IBM watsonx.data
Summary Google Protocol Buffers and protobuf-java core and lite have multiple vulnerabilities that can affect watsonx.data. These vulnerabilities include denial of service attacks and remote code execution. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers could allow...
Security Bulletin: Vulnerabilities in Netty affect IBM watsonx.data
Summary Netty is vulnerable to HTTP request smuggling and weaker than expected security. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a...
Security Bulletin: Vulnerabilities in FasterXML jackson-databind and other packages affect IBM watsonx.data
Summary FasterXML jackson-databind, multiple Huawei products, multiple Oracle products, Guava, Google Protocol Buffers, protobuf-core, Netty, JetBrains Kotlin, netplex JSON Smart, Jettison, Eclipse Jetty, SnakeYaml and Perl have vulnerabilities that can affect watsonx.data. Vulnerability Details...
Security Bulletin: Vulnerability in Okio GzipSource affects watsonx.data
Summary Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: Okio GzipSource is vulnerable to a denial of service, caused by unhandled exception. By sending a specially crafted gzi...
Security Bulletin: Vulnerability in Jettison affects IBM watsonx.data
Summary Jettison is vulnerable to a denial of service, caused by an infinite recursion when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. A remote attacker could exploit this vulnerability to cause a denial of service. This can affect...
Security Bulletin: Vulnerabilities in Logback, Guava and Apache HTTPClient affect IBM watsonx.data
Summary Logback, Guava and Apache HTTPClient have vulnerabilities that can affect watsonx.data. These vulnerabilities include remote attacks to bypass security restrictions and remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-42550...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM watsonx.data
Summary Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in MetaDataBuilder.checkSize. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. This can affect...
Security Bulletin: Vulnerability in Google Guava affects IBM watsonx.data
Summary Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default temporary directory for file creation in FileBackedOutputStream. By sending a specially crafted request, an attacker could exploit this vulnerability to acce...
Security Bulletin: Vulnerabilities in Protobuf-java affect IBM watsonx.data
Summary Protobuf-java core and lite are vulnerable to denial of service attacks which can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and text...