Lucene search
K

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/12 3:1 p.m.•25 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2023-52881)

Summary This issue can affect TCP networking Vulnerability Details CVEID:CVE-2023-52881 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian...

5.5CVSS6.5AI score0.00227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/12 2:16 p.m.•21 views

Security Bulletin: IBM Operational Decision Manager for Oct 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-5236...

7.2CVSS8.2AI score0.0089EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/12 2:18 a.m.•33 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Dashboards on Cloud Pak for Data. Please refer to the Related Information section below for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IB...

10CVSS8.9AI score0.36081EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/11 10:59 p.m.•43 views

Security Bulletin: IBM Data Product Hub is affected by several vulnerabilities

Summary IBM Data Product Hub has a dependencies on IBM WebSphere Application Server Liberty, IBM Semeru Runtime, and Node.js elliptic & path-to-regexp modules, which are vulnerable. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details...

8.7CVSS8.7AI score0.05966EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/11 6:44 p.m.•68 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-23454 DESCRIPTION: Apache Hadoop could allow a local authenticated attacker t...

9.8CVSS9AI score0.99999EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/11 1:17 p.m.•27 views

Security Bulletin: IBM Cloud Pak System is vulnerable to multiple vulnerabilities in IBM Java SDK.

Summary IBM Cloud Pak System is vulnerable to multiple vulnerabilities in IBM SDK. The fix removes these vulnerabilities as per IBM SDK, Java Technology Apr 2024. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allo...

5.9CVSS4.9AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/11 10:20 a.m.•31 views

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime

Summary This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their October 2024 Vulnerability Advisory, plus CVE-2024-10917 and CVE-2024-9143. For more information please refer to OpenJDK's October 2024 Vulnerability Advisory and the X-Force...

5.3CVSS6.7AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/11 8:56 a.m.•11 views

Security Bulletin: There is a vulnerability in the Flask library impacting IBM watsonx Code Assistant for Ansible

Summary There is a vulnerability in the Flask library impacting IBM watsonx Code Assistant for Ansible. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitiv...

7.5CVSS6.2AI score0.01261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/10 6:28 p.m.•44 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service under specific conditions (CVE-2024-45663)

Summary IBM® Db2® is vulnerable to denial of service as the server may crash under certain conditions with a specially crafted query. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the...

7.5CVSS6.5AI score0.00696EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/10 6:6 p.m.•29 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service under specific conditions (CVE-2024-37071)

Summary IBM® Db2® is vulnerable to denial of service under certain conditions with a specially crafted query by an authenticated user. Vulnerability Details CVEID:CVE-2024-37071 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause...

6.5CVSS6.6AI score0.00381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/10 6:1 p.m.•25 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service under specific conditions (CVE-2024-41761)

Summary IBM® Db2® is vulnerable to denial of service as the server may crash under certain conditions with a specially crafted query. Vulnerability Details CVEID:CVE-2024-41761 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the...

5.3CVSS6.6AI score0.00407EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/10 5:27 p.m.•28 views

Security Bulletin: IBM® Db2® is vulnerable to denial of service under specific conditions (CVE-2024-41762)

Summary IBM® Db2® is vulnerable to denial of service as the server may crash under certain conditions with a specially crafted query. Vulnerability Details CVEID:CVE-2024-41762 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the...

6.5CVSS6.7AI score0.00389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/10 4:40 p.m.•17 views

Security Bulletin: There are multiple vulnerabilities in IBM App Connect Enterprise due to IBM Semeru Runtime

Summary There are multiple vulnerabilities in IBM App Connect Enterprise due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition related to the Serialization...

5.3CVSS8AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/10 11:39 a.m.•15 views

Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool.

Summary There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-49761 DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending a specially...

8.7CVSS7.1AI score0.01429EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/10 9:32 a.m.•10 views

Security Bulletin: Promise based HTTP client for the browser and node.js

Summary Axios is vulnerable to Regular Expression Denial of Service ReDoS. When a manipulated string is provided as input to the format method, the regular expression exhibits a time complexity of On^2. Server becomes unable to provide normal service due to the excessive cost and time wasted in...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/10 9:20 a.m.•7 views

Security Bulletin: User can inject the suspected code via URL passed

Summary A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to cod...

8.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/09 10:18 p.m.•16 views

Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2024-47107)

Summary IBM QRadar SIEM is vulnerable to cross-site scripting. This vulnerability has been addressed in the update. Vulnerability Details CVEID:CVE-2024-47107 DESCRIPTION: IBM QRadar is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary...

6.4CVSS6.2AI score0.00226EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/09 7:15 p.m.•17 views

Security Bulletin: IBM Business Automation Navigator is affected by a vulnerability in path-to-regexp (CVE-2024-45296)

Summary IBM Business Automation Navigator has addressed the following vulnerability. This does not impact IBM Content Navigator on-prem. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable to a denial of service, caused by a regular expression denial of...

7.5CVSS7.3AI score0.00932EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/09 6:49 p.m.•10 views

Security Bulletin: "Carbon Charts" is vulnerable to Cross-site Scripting due to Improper Neutralization of Input During Web Page Generation (CWE-79)

Summary The issue arises from the library not sanitizing custom HTML provided by developers, allowing potentially harmful scripts to be executed in the user's browser when interacting with the chart. Vulnerability Details CVEID:CVE-2024-47117 DESCRIPTION: IBM Carbon Design System is vulnerable to...

5.4CVSS5.8AI score0.00223EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/09 6:18 p.m.•30 views

Security Bulletin: Multiple vulnerabilities which can affect IBM Storage Scale are now fixed.

Summary There are several vulnerabilities in IBM Storage Scale which could provide weaker than expected security that are now fixed. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...

7.5CVSS7.5AI score0.99019EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/09 9:46 a.m.•40 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

9.1CVSS9.8AI score0.66594EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/09 7:6 a.m.•6 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons-Codec version less than 1.13

Summary A vulnerability has been identified in Apache Commons-Codec version less than 1.13, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details IBM X-Force ID: 177835...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/09 6:59 a.m.•15 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Jdom-1.0

Summary A vulnerability has been identified in Jdom version 1.0, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a...

7.5CVSS6.9AI score0.19442EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/08 2:16 p.m.•42 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker obtaining sensitive information, bypassing security restrictions, and a server-side request forgery due to multiple vulnerabilities.

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to a remote attacker obtaining sensitive information due to ignoring legacy content-type based configuration of handlers CVE-2024-39884 and improper validation of input CVE-2024-38476, a bypass of security restrictions due to a fla...

9.8CVSS7.4AI score0.41611EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/06 5:13 p.m.•25 views

Security Bulletin: Vulnerability in certifi-2024.2.2-py3-none-any.whl can affect IBM Storage Scale

Summary There is a vulnerability in certifi-2024.2.2-py3-none-any.whl, used by IBM Storage Scale, which could provide weaker than expected security. CVE-2024-39689 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by...

7.5CVSS7.2AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/06 4:39 p.m.•15 views

Security Bulletin: IBM SDK Java Technology Edition is vulnerable to CVEs (set out in the link below), affecting WebSphere Service Registry and Repository due to October 2024 CPU

Summary IBM SDK Java Technology Edition is vulnerable to CVE-2024-10917, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in December 2024. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

5.3CVSS6.8AI score0.00423EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/06 3:40 p.m.•16 views

Security Bulletin: Security vulnerabilities were discovered in IBM Java SE as shipped with IBM Security Directory Integrator.

Summary Multilple Security Vulnerabilities were addressed in IBM Java SE as shipped with IBM Security Directory Integrator Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with...

5.3CVSS6.3AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/06 12:0 p.m.•39 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to Kerberos 5, OpenSSL, libexpat, golang-jwt, and GnuPG Libgcrypt

Summary Kerberos 5, OpenSSL, libexpat, golang-jwt, GnuPG Libgcrypt and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service due to improper memory allocation and server configuration validation, spoofing attacks, and providing weaker than expected...

9.1CVSS8.9AI score0.54026EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/06 5:42 a.m.•13 views

Security Bulletin: IBM Observability with Instana is vulnerable to Improper Validation of Specified Type of Input

Summary Golang Go is used by IBM Instana Observability as part of the elasticsearch-operator CVE-2024-24790 . This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24790 DESCRIPTION: An unspecified error related to various Is methods...

9.8CVSS7.1AI score0.01952EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/06 5:38 a.m.•14 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Denial of Service attacks vulnerability with snakeYaml library

Summary Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Denial of Service attacks vulnerability due to snakeYaml library. Vulnerability Details CVEID:CVE-2022-41854 DESCRIPTION: snakeYAML is vulnerable to a denial of service, caused by improper input validation. By...

6.5CVSS6.5AI score0.01476EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/06 5:37 a.m.•20 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to cross-site scripting (CVE-2023-38722)

Summary IBM Sterling Partner Engagement Manager has addressed a reflected cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2022-38749 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a...

6.5CVSS6.2AI score0.01642EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/06 5:35 a.m.•14 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable due to SnakeYAML issue

Summary IBM Sterling Partner Engagement Manager uses SnakeYAML, which is subject to stack overflow when parsing YAML files. Vulnerability Details CVEID:CVE-2022-38750 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a...

6.5CVSS6.9AI score0.01025EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/06 5:31 a.m.•14 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to org.yaml:snakeyaml Denial of Service (DoS)

Summary IBM Sterling Partner Engagement Manager uses org.yaml:snakeyaml Denial of Service , affected for the CVE CVE-2022-25857 Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation...

7.5CVSS6.7AI score0.02191EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/05 11:38 p.m.•23 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Eclipse Jetty

Summary Multiple vulnerabilities in Eclipse Jetty that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw in the DosFilter feature. By sending specially crafted...

7.5CVSS7.1AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/05 4:33 p.m.•51 views

Security Bulletin: Vulnerability in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to October 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

4.8CVSS5.9AI score0.0095EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/05 12:14 p.m.•37 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to improper input validation

Summary IBM Sterling Secure Proxy is affected by an improper input validation vulnerability that is exploitable by authenticated, privileged users. Vulnerability Details CVEID:CVE-2024-41783 DESCRIPTION: IBM Sterling Secure Proxy could allow a privileged user to inject commands into the underlyin...

9.1CVSS6.3AI score0.00644EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/04 11:11 p.m.•52 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functions to check a D...

7.5CVSS6.8AI score0.05533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/04 10:17 p.m.•22 views

Security Bulletin: PowerSC is vulnerable to information disclosure, denial of service, and security restrictions bypass due to Curl

Summary Vulnerabilities in Curl could allow a local attacker to obtain sensitive information CVE-2024-7264 or a remote attacker to cause a denial of service CVE-2024-6197, CVE-2024-37371 or bypass security restrictions CVE-2024-37370. PowerSC uses Curl as part of PowerSC Trusted Network Connect...

9.1CVSS7.5AI score0.16212EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/04 9:59 p.m.•19 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Werkzeug

Summary Multiple vulnerabilities in Werkzeug used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server Gateway Interface web application library. On Python = 3.11, or not using Windows, are not vulnerable. Werkzeug versi...

7.5CVSS6.4AI score0.01093EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/04 3:19 p.m.•26 views

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in CKEditor

Summary IBM Sterling B2B Integrator is affected by multiple vulnerabilities in CKEditor Vulnerability Details CVEID:CVE-2021-32808 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used alongside the...

8.2CVSS7.4AI score0.01652EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/04 3:17 p.m.•7 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to Apache Commons Codec (177835)

Summary IBM Sterling B2B Integrator uses Apache Commons Codec. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/04 3:14 p.m.•20 views

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple security vulnerabilities in IBM WebSphere Application Server

Summary IBM Sterling B2B Integrator is affected by multiple security vulnerabilities in IBM WebSphere Application Server Vulnerability Details CVEID:CVE-2023-31582 DESCRIPTION: Jose4J could allow a remote attacker to obtain sensitive information, caused by allowing of a low iteration count of 100...

7.5CVSS8.1AI score0.01278EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/04 12:46 p.m.•20 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their October 2024 Critical Patch Update, plus CVE-2024-10917. For more information please refer to Oracle's October 2024 CPU Advisory and the X-Force database entries...

5.3CVSS6.1AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/04 10:17 a.m.•67 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.22 LTS, 12.0.6 LTS and 12.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...

9.8CVSS9.3AI score0.66594EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/04 6:52 a.m.•46 views

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager TADDM. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote...

7.5CVSS7.3AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/04 5:50 a.m.•22 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS7AI score0.00696EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/02 10:37 p.m.•24 views

Security Bulletin: A security vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation which may result in spoofing attacks (CVE-2023-50314)

Summary A security vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation which may result in spoofing attacks. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin...

7.5CVSS6.4AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/02 10:36 p.m.•80 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Liberty Profile affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM WebSphere Liberty Profile affect IBM Robotic Process Automation. IBM WebSphere Liberty Profile is used by IBM Robotic Process Automation as part of UMS and as an application server for container deployments. This bulletin identifies the security fixes to...

7.5CVSS8.6AI score0.99999EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/02 4:25 p.m.•37 views

Security Bulletin: Multiple security vulnerabilities in IBM MQ affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation as a system queue. This bulletin identifies the fixes to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-40681 DESCRIPTION: IBM MQ Operator...

8.8CVSS7.6AI score0.54026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/02 4:9 p.m.•18 views

Security Bulletin: Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...

9.1CVSS9.4AI score0.36081EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35702