Lucene search
K

35692 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/01/23 9:31 p.m.26 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Ansible

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Ansible Vulnerability Details CVEID:CVE-2023-5764 DESCRIPTION: Ansible could allow a local authenticated attacker to execute arbitrary code on the system, caused by a template injection flaw. By sending a...

7.8CVSS7AI score0.00539EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/23 9:27 p.m.13 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in http-proxy-middleware

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of http-proxy-middleware Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By...

7.5CVSS6.7AI score0.01009EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/23 2:48 p.m.23 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple CVEs in IBM Java SDK

Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise Runtime and IBM Integration Bus for z/OS Runtime. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit...

5.3CVSS4.6AI score0.01157EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/23 12:10 p.m.22 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing Eclipse Lyo could allow a remote attacker to obtain sensitive information.

Summary Eclipse Lyo could allow a remote attacker to obtain sensitive information, caused by a flaw with not restrict DTD loading when working with RDF/XML when a TransformerFactory is initialized with the defaults. By sending a specially-crafted request, an attacker could exploit this...

5.3CVSS6.3AI score0.00953EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/23 12:9 p.m.11 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition.

Summary A race condition happened when a code sequence runs concurrently with other code, and the code sequence needs exclusive access to a shared resource, but a time window exists in which the shared resource can be modified by another code sequence. In security-critical code, a race condition...

9.8CVSS9.6AI score0.00838EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/22 6:54 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8.0.5.35 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability...

9.8CVSS8.6AI score0.09393EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/22 6:41 p.m.20 views

Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation and may allow an attacker to bypass authorization plugins under specific circumstances (CVE-2024-41110).

Summary A vulnerability in Go affects IBM Robotic Process Automation and may allow an attacker to bypass authorization plugins under specific circumstances. IBM Robotic Process Automation for Cloud Pak uses Go as part of it's operators. This bulletin identifies the fixes required to address the...

9.9CVSS9.9AI score0.16496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/22 4:55 p.m.15 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary ulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVEs: CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208 and CVE-2024-10917 Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Ja...

5.3CVSS5.8AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/22 4:5 p.m.44 views

Security Bulletin: Vulnerability in Open Source Jackson databind used in IBM Cloud Pak System (CVE-2020-8840)

Summary Vulnerability with unknown impact identified in jackson-databind used in IBM Cloud Pak System Software. IBM Cloud Pak System addressed vulnerability. It applies to IBM Cloud Pak System Software and Service. Vulnerability Details CVEID:CVE-2020-8840 DESCRIPTION: FasterXML jackson-databind...

9.8CVSS9.6AI score0.26587EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/21 8:59 p.m.18 views

Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2024-49767 DESCRIPTION: Werkzeug is...

7.8CVSS7AI score0.01093EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/21 8:59 p.m.32 views

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...

9.1CVSS9.1AI score0.54026EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/21 8:58 p.m.26 views

Security Bulletin: A vulnerability in commons.io affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service (CVE-2024-47554).

Summary A vulnerability in commons.io affects IBM Robotic Process Automation for Cloud Pak and may result in a denial of service. commons.io is used by IBM Robotic Process Automation for Cloud Pak as part of its operator. This bulletin identifies the security fix to apply to address the...

4.3CVSS5.5AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/17 5:35 p.m.36 views

Security Bulletin: IBM Engineering Requirements Management DOORS Next uses a CKEditor version affected by multiple vulnerabilities

Summary IBM Engineering Requirements Management DOORS Next uses a CKEditor version vulnerable to CVE-2021-33829 'Cross-site Scripting', CVE-2020-27193 'Cross-site Scripting', CVE-2021-26272 ReDoS, CVE-2021-41164 'Cross-site Scripting', CVE-2021-26271 ReDoS, CVE-2021-37695 'Cross-site Scripting',...

8.2CVSS7.9AI score0.03189EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/17 9:14 a.m.53 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 287 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

8.7CVSS7.7AI score0.02772EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/17 5:37 a.m.17 views

Security Bulletin: IBM Maximo Application Suite and IBM Maximo Application Suite - Iot Component uses ubi-nodejs : 2.0.0 which is vulnerable to CVE-2023-42282

Summary IBM Maximo Application Suite and IBM Maximo Application Suite -Iot Component uses ubi-nodejs : 2.0.0 which is vulnerable to CVE-2023-42282. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP...

9.8CVSS7.5AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/16 6:38 p.m.14 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to uspecified vulnerability in net/netip package in Golang Go CVE-2024-24790)

Summary A potential uspecified vulnerability in net/netip package in Golang Go CVE-2024-24790 has been identified that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTIO...

9.8CVSS6.9AI score0.01952EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/16 6:33 p.m.25 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to The Bouncy Castle Crypto Package For Java denial of service vulnerabilitiy( CVE-2024-29857)

Summary A potential denial of service vulnerability CVE-2024-29857 has been identified related to The Bouncy Castle Crypto Package For Java that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

7.5CVSS6.3AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/16 6:31 p.m.11 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerabilitiy(CVE-2024-24788)

Summary A potential denial of service vulnerability CVE-2024-24788 has been identified related to Golang Go that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24788 DESCRIPTION:...

5.9CVSS6.7AI score0.01001EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/16 6:23 p.m.22 views

Security Bulletin: Vulnerability in Golang Go  (CVE-2024-24784) affects IBM Watson CP4D Data Stores

Summary A potential denial of service vulnerability CVE-2024-24784 has been identified related to Golang Go that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-24784 DESCRIPTION:...

7.5CVSS6.8AI score0.01042EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/16 6:18 p.m.17 views

Security Bulletin: CVE-2023-45288 - HTTP/2 CONTINUATION flood vulnerability affects IBM Watson CP4D Data Stores

Summary A potential vulnerability CVE-2023-45288 - HTTP/2 CONTINUATION flood has been identified that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker ma...

7.5CVSS7AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/16 2:27 p.m.19 views

Security Bulletin: IBM Maximo Application Suite -Iot Component uses multiple third party jars which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite -Iot Component uses commons-codec-1.9.jar,classgraph-4.8.78.jar,guava-19.0.jar,commons-io-2.8.0.jar,json-20160212.jar,httpclient-4.5.2.jar,cryptography-43.0.0-cp39-abi3-manylinux228x8664.whl which is vulnerable to CVE-2023-2976, CVE-2018-10237, CVE-2020-8908,...

7.5CVSS8.2AI score0.66594EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/15 10:53 p.m.31 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361

Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361 Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a...

7.5CVSS6.2AI score0.01026EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/15 6:43 p.m.23 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807

Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a...

7.8CVSS7.6AI score0.014EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/15 6:38 p.m.22 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2024 - Includes OpenJDK Apr 2024 CPU

Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2024 - Includes OpenJDK Apr 2024 CPU. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause lo...

7.3CVSS7.1AI score0.01276EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/15 5:19 p.m.21 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs

Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerabili...

5.3CVSS7.7AI score0.05966EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/15 2:54 p.m.33 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264 Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

7.5CVSS4.7AI score0.01361EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/15 2:53 p.m.38 views

Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 - Includes Oracle July 2024 CPU plus CVE-2024-27267

Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 - Includes Oracle July 2024 CPU plus CVE-2024-27267 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

7.4CVSS5.5AI score0.01257EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/15 11:46 a.m.22 views

Security Bulletin: An Eclipse Jetty Denial of Service vulnerability affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in Eclipse Jetty used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE CVE-2024-9823. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a fla...

7.5CVSS6.5AI score0.00946EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/15 11:3 a.m.26 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-456...

7.5CVSS7.8AI score0.01082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/13 2:0 p.m.14 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2024. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability ...

3.7CVSS6AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/13 8:49 a.m.27 views

Security Bulletin: IBM Engineering Lifecycle Management is impacted by vulnerabilities in Apache Jena

Summary A vulnerability has been identified in Apache Jena - jena-core-2.7.1.jar, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-39239 DESCRIPTION: Apache...

9.8CVSS6.7AI score0.04007EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/11 3:29 p.m.25 views

Security Bulletin: Multiple Security vulnerablilites affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. Python is included in some container base images for IBM Robotic Process Automation for Cloud Pak. This bulleti...

8.8CVSS8AI score0.03028EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/11 3:28 p.m.27 views

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation for Cloud Pak. IBM MQ is used as base imaged for IBM Robotic Process Automation for Cloud Pak messaging. This bulletin identifies the fixes required to address these vulnerabilites. Vulnerability Details...

7.5CVSS6.7AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/11 3:28 p.m.14 views

Security Bulletin: A vulnerability in Python affects IBM Robotic Process Automation which may allow and attacker to launch addtional attacks on the system (IBM X-Force ID: 273241)

Summary A vulnerability in Python affects IBM Robotic Process Automation which may allow and attacker to launch addtional attacks on the system. This bulletin identifies the fix to address this vulnerability. Vulnerability Details IBM X-Force ID: 273241 DESCRIPTION: GitLab Runner could provide...

6.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 7:27 p.m.24 views

Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs...

10CVSS8.1AI score0.01471EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 3:28 p.m.11 views

Security Bulletin: vulnerability in Apache Commons HttpClient affects IBM Workload Automation.

Summary IBM Workload Automation is affected by a vulnerability in Apache Commons HttpClient that can cause Authorization Bypass CVE-2012-5783 Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and oth...

5.8CVSS6.1AI score0.09254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 3:27 p.m.7 views

Security Bulletin:Due to use of WebSphere Application Server traditional, IBM Workload Automation is vulnerable to a server-side request forgery (SSRF) vulnerability

Summary WebSphere Application Server traditional is used by IBM Workload Automation CVE-2024-22329 Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side...

4.3CVSS6.3AI score0.00302EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 3:18 p.m.15 views

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Workload Automation is vulnerable to a server-side forgery attack,

Summary IBM WebSphere Application Server is used by IBM Workload Automation CVE-2024-22354 Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...

7CVSS6.6AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 3:8 p.m.14 views

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Workload Automation is vulnerable to a denial of service,

Summary IBM WebSphere Application Server is used by IBM Workload Automation CVE-2024-25026 Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service...

7.5CVSS6.5AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 1:45 p.m.19 views

Security Bulletin: vulnerability in OpenSSL affects IBM Workload Automation.

Summary IBM Workload Automation has vulnerability in OpenSSL CVE-2024-4603 Vulnerability Details CVEID:CVE-2024-4603 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation by the EVPPKEYparamcheck or EVPPKEYpubliccheck function. By parsing a specially craft...

5.3CVSS6.5AI score0.01131EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 1:42 p.m.18 views

Security Bulletin: vulnerability in libcURL affects IBM Workload Automation.

Summary IBM Workload Automation has vulnerability in libcURL CVE-2024-7264 Vulnerability Details CVEID:CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the the GTime2str function. By sending a specially...

6.5CVSS5.6AI score0.16212EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 8:20 a.m.16 views

Security Bulletin: Vulnerability in XStream library affects App Connect Professional

Summary There is vulnerability in the XStream library used by App Connect Professional. App Connect Professional has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in...

7.5CVSS7.1AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 8:18 a.m.14 views

Security Bulletin: Due to the use of Eclipse Jetty, IBM App Connect Professional is vulnerable to bypass security restrictions

Summary Eclipse Jetty is used within IBM App Connect Professional Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by improper validation on the authority segment of a URI in the HttpURI class. By sending a...

6.5CVSS5.5AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 8:15 a.m.16 views

Security Bulletin: Due to the use of Eclipse Jetty, IBM App Connect Professional is vulnerable to bypass security restrictions

Summary Eclipse Jetty is used within IBM App Connect Professional Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty could allow a remote attacker to bypass security restrictions, caused by improper validation on the authority segment of a URI in the HttpURI class. By sending a...

5.3CVSS6.3AI score0.00986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/10 6:42 a.m.21 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in crypto-js version 3.1.2

Summary A vulnerability has been identified in Crypto-Js 3.1.2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-46233 DESCRIPTION: Brix crypto-js could allo...

9.1CVSS6.2AI score0.00635EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 10:41 a.m.48 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF17 patch Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to...

8.7CVSS9.1AI score0.02772EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 10:15 a.m.23 views

Security Bulletin: Vulnerability in OpenSSL affect BM Spectrum Control

Summary OpenSSL is vulnerable to a denial of service attack. This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking...

7.5CVSS6.6AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 10:14 a.m.35 views

Security Bulletin: Vulnerabilities in IBM Java SE affect BM Spectrum Control

Summary IBM Java SE is vulnerable to allow a remote attacker to cause High confidentiality ,high integrity impact. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

7.5CVSS9.1AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 10:13 a.m.24 views

Security Bulletin: Vulnerability in expressjs body-parser affect BM Spectrum Control

Summary expressjs body-parser is vulnerable to a denial of service attack. This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. By sending ...

7.5CVSS6.5AI score0.00824EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 10:11 a.m.18 views

Security Bulletin: Vulnerability in Axios affect BM Spectrum Control

Summary Axios is vulnerable to server-side request forgery, This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol...

7.5CVSS6.2AI score0.01414EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35692