Lucene search
K

35692 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 10:10 a.m.13 views

Security Bulletin: The remote Windows host has at least one service installed that uses an unquoted service path which affect IBM Spectrum Control

Summary Description: The remote Windows host has at least one service installed that uses an unquoted service path, which contains at least one whitespace. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service. Vulnerability Details Refe...

7.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 10:9 a.m.8 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty affect BM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Google Protocol Buffers. This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an...

8.7CVSS8.9AI score0.02772EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 10:9 a.m.18 views

Security Bulletin: Vulnerability in XStream affect BM Spectrum Control

Summary XStream is vulnerable to denial of service, This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By sending a specially crafted...

7.5CVSS7AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 10:7 a.m.21 views

Security Bulletin: Apache Kafka vulnerability affect IBM Spectrum Control

Summary Apache Kafka vulnerable to local authenticated attacker to gain elevated privileges on the system affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Apache Kafka could allow a local authenticated attacker to gain elevated privileges on the system, caused ...

6.5CVSS6.3AI score0.01129EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/09 1:21 a.m.21 views

Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-43176)

Summary A vulnerability caused by improper authorization checks could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. Vulnerability Details CVEID:CVE-2024-43176 DESCRIPTION: IBM OpenPages could allow an...

5.4CVSS5.7AI score0.00272EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/08 6:32 p.m.36 views

Security Bulletin: IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by...

8.7CVSS8.9AI score0.01414EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/08 4:59 p.m.7 views

Security Bulletin: Vulnerability in Golang Go ( CVE-2023-39325) affects IBM Watson CP4D Data Stores

Summary A potential denial of service vulnerability CVE-2023-39325 has been identified related to Golang Go that affects IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: Golang...

7.5CVSS7.1AI score0.03796EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/08 4:58 p.m.18 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple CUPS ivulnerabilities

Summary Multiple vulnerabilities in CUPS has been identified that affect IBM Watson CP4D Data Stores.This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47176 DESCRIPTION: OpenPrinting cups-browsed could allow a remote attacker...

9.8CVSS8.1AI score0.76959EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/08 4:55 p.m.12 views

Security Bulletin: Vulnerability in Elasticsearch (CVE-2023-49921) affects IBM Watson CP4D Data Stores

Summary A potential vulnerability CVE-2023-49921 has been identified related to Elasticsearch that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-49921 DESCRIPTION: An issue was...

6.5CVSS6.6AI score0.00445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/08 4:50 p.m.9 views

Security Bulletin: Vulnerability in Elasticsearch (CVE-2023-49921) affects IBM Watson CP4D Data Stores

Summary A potential vulnerability CVE-2023-49921 has been identified related to Elasticsearch that may affect IBM Watson CP4D Data Stores. This vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-49921 DESCRIPTION: An issue was...

6.5CVSS6.6AI score0.00445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/08 7:10 a.m.24 views

Security Bulletin: Multiple Vulnerabilities in moment.js used by IBM Jazz Reporting Service (JRS) (CVE-2022-24785, CVE-2017-18214, CVE-2016-4055, CVE-2022-31129)

Summary There are multiple vulnerabilities identified in IBM Jazz Reporting Service JRS. These vulnerabilities have been fixed. Please apply the latest version to obtain the fixes. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse...

7.8CVSS7.5AI score0.09905EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/08 4:15 a.m.12 views

Security Bulletin: Vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - October 2024 CPU

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/07 9:0 p.m.23 views

Security Bulletin: Multiple vulnerabilties affect IBM Db2 Big SQL on Cloud Pak for Data

Summary Multiple vulnerabilities affect IBM Db2 Big SQL 7.6 and earlier on Cloud Pak for Data 4.8 and earlier Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a...

6.8CVSS8.9AI score0.03889EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/07 8:55 p.m.18 views

Security Bulletin: A vulnerability in the follow-redirect module affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in the node.js follow-redirect module affects IBM Db2 Big SQL 7.6 on Cloud Pak for Data 4.8 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...

6.5CVSS6.6AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/07 10:22 a.m.33 views

Security Bulletin: Vulnerabilities exists in IBM Netezza Performance Server for Cloud Pak for Data

Summary Vulnerabilities existis in IBM Netezza Performance Server for Cloud Pak for Data is fixed in 11.2.3.3 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in Certifi has an unknown impact and attack vector. CWE:CWE-345:...

9.8CVSS10AI score0.05416EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/07 6:15 a.m.14 views

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 24.0.0.x which is vulnerable information disclosure

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 24.0.0.x which is vulnerable information disclosure. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application...

7.5CVSS5.6AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/06 8:45 p.m.14 views

Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages affected by information disclosure vulnerability (CVE-2023-50314)

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about an information disclosure security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the...

7.5CVSS6.1AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/06 2:34 p.m.18 views

Security Bulletin: Multiple IBM® Db2® security vulnerability fixes

Summary If you use IBM® Db2® as your database in your IBM Datacap deployment, please follow the Db2 security bulletins referred here to remedy the vulnerabilities. IBM® Db2® is vulnerable to denial of service under specific conditions CVE-2024-45663, CVE-2024-41761, CVE-2024-41762, CVE-2024-37071...

7.5CVSS6.4AI score0.00696EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/06 2:32 p.m.21 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities

Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn befor...

8.7CVSS7.1AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/06 2:23 p.m.13 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to...

8.7CVSS6.8AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/04 12:32 p.m.28 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM® Db2® Big SQL.

Summary There are multiple vulnerabilities in OpenSSL used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.6.0 and earlier. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note...

7.5CVSS8.7AI score0.92488EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/04 12:30 p.m.20 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.8 and earlier. These issues were disclosed in an IBM® Db2® Security Bulletin in January 2024. Vulnerability Details CVEID:CVE-2023-47158 DESCRIPTION: IBM DB2 for Linux, UNIX and...

7.5CVSS8.5AI score0.0098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/04 12:28 p.m.15 views

Security Bulletin: Multiple security vulnerabilties are affecting IBM Db2 Big SQL on Cloud Pak for Data

Summary Multiple security vulnerabilties are affecting IBM Db2 Big SQL 7.4 and earlier on Cloud Pak for Data 4.6 and earlier Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a speciall...

7.5CVSS6.8AI score0.09149EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/04 12:27 p.m.17 views

Security Bulletin: A vulnerability affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in the node.js ejs module affects IBM Db2 Big SQL 7.4 and earlier on Cloud Pak for Data 4.6 and earlier Vulnerability Details CVEID:CVE-2023-29827 DESCRIPTION: Node.js ejs module could allow a remote authenticated attacker to execute arbitrary code on the system, caused by...

9.8CVSS7.9AI score0.05552EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/03 4:44 p.m.23 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in IBM Semeru Runtime version 17

Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE...

5.3CVSS7.9AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/03 11:30 a.m.11 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing uses a web link with untrusted references to an external site.

Summary When an user clicks a link to an external site, and that link has the target="blank" attribute, then the new site will be opened into a new tab or window, but will share its process with the original tab or window. The window.opener object stores information from the original window, so i...

9.8CVSS6.6AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/03 11:28 a.m.9 views

Security Bulletin: BM Engineering Lifecycle Optimization - Publishing uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Summary Weak cryptographic hashes cannot guarantee data integrity and should not be used in security-critical contexts. MD5 and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data. Recent advances in cryptanalysis have discovered weaknesse...

7.5CVSS6.4AI score0.00198EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/03 11:11 a.m.17 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to cause a denial of service using a complex regular expression.

Summary Regular expressions are a formal language for identifying strings of text, parsing, and matching them. Most regular expressions engines are built over a non-deterministic Finite Automaton NFA. They use backtracking and, while these regular expression engines can quickly confirm a positive...

7.5CVSS6.5AI score0.00469EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/03 11:9 a.m.13 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.

Summary TLS/SSL error handling in Java typically throws an java.net.ssl.SSLException or subtypes SSLHandshakeException, SSLKeyException, SSLPeerUnverifiedException or SSLProtocolException when there is a protocol or security problem detected by the SSL subsytem, particularly during SSL handshake ...

6.5CVSS6.6AI score0.00401EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/03 11:7 a.m.12 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser..

Summary When an error message is generated, care should be taken to ensure that it does not contain sensitive information about the environment, users or any other information that may be considered sensitive. Such information may be valuable itself or may be useful for further attacks with a...

5.3CVSS6.3AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/03 11:5 a.m.22 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow

Summary The software constructs all or part of an SQL command using externally-controlled input, but it does not neutralize properly that input that could modify the intended SQL command when it is sent to a database interaction method e.g. JDBC. Commonly a database table contains information tha...

7.3CVSS7.3AI score0.00308EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/03 11:4 a.m.17 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing Apache Commons IO is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class.

Summary Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing dot dot sequences /../ to view arbitrary files on the system...

4.3CVSS5AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/03 6:38 a.m.14 views

Security Bulletin: Multiple Vulnerabilities in Java Runtime affecting IBM Knowledge Catalog On Cloud Pak for Data

Summary Lineage component is an internal component of IBM Knowledge Catalog On Cloud Pak for Data. Vulnerabilities in Java Runtime are affecting Lineage component of IBM Cloud Pak for Data. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION:...

3.7CVSS6.3AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 4:14 p.m.25 views

Security Bulletin: Vulnerability in follow-redirects-1.15.3.tgz affects IBM Db2 Big SQL

Summary A vulnerability in node.js follow-redirects-1.15.3.tgz package affects I|BM Db2 Big SQL 7.6 and earlier on Cloud Pak for Data 4.8 and earlier. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an...

7.3CVSS7.5AI score0.00797EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 4:13 p.m.24 views

Security Bulletin: Vulnerability in Golang affects IBM Db2 Big SQL

Summary A vulnerability in Golang golang.org/x/net-v0.2.0 package affects I|BM Db2 Big SQL 7.6 and earlier on Cloud Pak for Data 4.8 and earlier. Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the HPACK decoder. By sendi...

7.5CVSS7.5AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 4:12 p.m.28 views

Security Bulletin: A vulnerability in body-parser-1.20.2.tgz affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in open source package expressjs body-parser-1.20.2.tgz affects IBM Db2 Big SQL 7.x on Cloud Pak for Data 5.x Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by a flaw when url encoding is enabled. ...

7.5CVSS7.5AI score0.00824EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 4:9 p.m.24 views

Security Bulletin: A vulnerability in python certifi package affects IBM Db2 Big SQL

Summary There is a vulnerability in python package certifi-2024.6.2-py3-none-any.whl affecting IBM Db2 Big SQL 7.7.0 on CP4D 5.0 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root...

7.5CVSS7.2AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 3:59 p.m.36 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.7 and earlier. Vulnerability Details CVEID:CVE-2023-39976 DESCRIPTION: ClusterLabs libqb is vulnerable to a buffer overflow, caused by improper bounds checking by the...

9.8CVSS9.4AI score0.01295EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 1:52 p.m.19 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK have affected Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments product

Summary Linux KVM Agent is from IBM Tivoli Monitoring for Virtual Environments product vulnerable to IBM java SDK. The fix includes IBM Java SDK upgraded to 8.0.8.25. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component...

9.8CVSS8.2AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/02 1:37 p.m.17 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK have affected VMware Agent from IBM Tivoli Monitoring for Virtual Environments product

Summary VMware Agent from IBM Tivoli Monitoring for Virtual Environments product is vulnerable to IBM java SDK. The fix includes IBM Java SDK upgraded to 08.08.25.00 version. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...

7.5CVSS8.9AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/31 5:52 p.m.42 views

Security Bulletin: Vulnerabilities in VMware vCenter affect Cloud Pak System [CVE-2024-38812, CVE-2024-38813]

Summary Vulnerabilities in VMware vCenter affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-38812 DESCRIPTION: Broadcom VMware vCenter Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the implementation of the DCERPC protocol. By sending a...

9.8CVSS9.6AI score0.54143EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/30 1:58 p.m.15 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tensorflow-2.12.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl CVE-2023-33976

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to tensorflow-2.12.0-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl CVE-2023-33976. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-33976 DESCRIPTION:...

7.5CVSS6.8AI score0.00429EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/30 12:12 p.m.16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. CVE-2023-27043

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. CVE-2023-27043. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Detail...

5.3CVSS6.7AI score0.02527EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/27 12:22 a.m.27 views

Security Bulletin: IBM SPSS Analytic Server is affected by netty vulnerability (CVE-2024-29025)

Summary IBM SPSS Analytic Server uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network...

5.3CVSS6.2AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/24 5:52 p.m.20 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights uses a web link with untrusted references to an external site.

Summary IBM Engineering Lifecycle Optimization - Engineering Insights uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims' web browser. The web application...

9.8CVSS6.3AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/24 5:51 p.m.19 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Insights could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

Summary IBM Engineering Lifecycle Optimization - Engineering Insights could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. When an error message is...

5.3CVSS6.2AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/23 6:34 a.m.23 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high...

7.4CVSS6AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/20 6:1 a.m.12 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information, as described in the "Vulnerability...

7.5CVSS6AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/20 5:55 a.m.10 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by a security flaw in IBM WebSphere Application Server Liberty. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information, as...

7.5CVSS5.8AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/12/20 5:52 a.m.12 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information, as...

7.5CVSS5.8AI score0.00254EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35692