Security Bulletin: IBM Automation Decision Services for August 2024 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-5321...
Security Bulletin: IBM OpenPages exposes client-side source code through use of JavaScript source maps (CVE-2024-27257)
Summary A vulnerability caused by exposure of information about IBM OpenPages client-side source code through use of JavaScript source maps to unauthorized users is addressed. Vulnerability Details CVEID:CVE-2024-27257 DESCRIPTION: IBM OpenPages potentially exposes information about client-side...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple go-git vulnerabilities.
Summary Potential go-git vulnerabilities CVE-2023-49568, CVE-2023-49569 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-49568 DESCRIPTIO...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection (CVE-2024-40689)
Summary A SQL injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-40689 DESCRIPTION: IBM InfoSphere Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to...
Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22354)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367 Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp could allow a remote...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569 Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in th...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses idna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses idna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to this CVE-2024-37891
Summary IBM Maximo Application Suite - Predict Component component uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to this CVE-2024-37891 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, cause...
Security Bulletin: IBM Maximo Application Suite - Predict Component component uses requests-2.31.0-py3-none-any.whl which is vulnerable to this CVE-2024-35195
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses requests-2.31.0-py3-none-any.whl which is vulnerable to this CVE-2024-35195 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security...
Security Bulletin: IBM Maximo Application Suite - AI Broker component uses aiohttp-3.9.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component uses aiohttp-3.9.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite - AI Broker component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is...
Security Bulletin: IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155
Summary IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerab...
Security Bulletin: IBM Maximo Application Suite - AI Broker component uses scikit_learn-1.3.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-5206
Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component uses scikit_learn-1.3.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-5206. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)
Summary There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
Summary IBM Sterling Partner Engagement Manager uses FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a...
Security Bulletin: IBM DataPower Gateway vulnerable to multiple kernel CVEs
Summary IBM DataPower Gateway has addressed multiple CVEs in 10.5.0.12. Vulnerability Details CVEID:CVE-2023-2162 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a use-after-free flaw in the iscsi_sw_tcp_session_create function in drivers/scsi/iscsi_tcp...
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in IBM® License Key Server (CVE-2023-50945 and CVE-2023-50946)
Summary A vulnerability in IBM License Key Server Administration and Reporting Tool, and Agent allowed users' stored passwords to be exposed through the browser's console. This issue could potentially lead to unauthorized access to user accounts if an attacker gained access to the logged-in user'...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to denial of service, privilege escalation and kerberos 5
Summary Kerberos 5 and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service due to improper memory allocation, and privilege escalation which may lead to bypassing security restrictions. This bulletin identifies the steps required to address these...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-25026)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature (CVE-2024-22353)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...
Security Bulletin: Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022)
Summary There are multiple cross-site scripting vulnerabilities in Apache Ant that affect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details CVEID:CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: There is a vulnerability in tinymce-6.8.1.min.js used by IBM Maximo Asset Management application (CVE-2024-38357, CVE-2024-38356)
Summary There is a vulnerability in tinymce-6.8.1.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-38357 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the noscript elements. A remote...
Security Bulletin: There is a vulnerability in Manage Component used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-37068)
Summary There is a vulnerability in Manage Component used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-37068 DESCRIPTION: IBM Maximo Application Suite - Manage Component uses weaker than expected cryptographic algorithms that could allow ...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50313)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: Multiple vulnerabilities in Netty affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis
Summary There are vulnerabilities in various versions of Netty that affect Apache Solr, Apache Zookeeper and Logstash. The vulnerabilities are listed in the Vulnerability Details section. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw i...
Security Bulletin: Netty vulnerability in Apache Solr affects IBM Operations Analytics - Log Analysis
Summary There is a potential validation vulnerability in Netty that is used by Apache Solr. This has been addressed. Vulnerability Details IBM X-Force ID: 221368 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by improper hostname verification. An attacker could exploit this...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in requirejs
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of requirejs. Vulnerability Details CVEID:CVE-2024-38999 DESCRIPTION: jrburke requirejs could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the function...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in guava-23.0.jar
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of guava-23.0.jar. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in google-protobuf-3.11.2.gem
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of google-protobuf-3.11.2.gem. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and te...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in elasticsearch-7.10.2.jar
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of elasticsearch-7.10.2.jar. Vulnerability Details CVEID:CVE-2023-31418 DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a moderate...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenCV
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenCV. Vulnerability Details CVEID:CVE-2023-2617 DESCRIPTION: OpenCV wechatqrcode Module is vulnerable to a denial of service, caused by a flaw in the DecodedBitStreamParser::decodeByteSegment function at...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenSSH
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenSSH. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race condition. By sending a specially...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by an issue in OpenSSL (CVE-2024-2511)
Summary An issue was identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security (TLS) functionality for IBM MQ channel connections, which is provided by the IBM i...
Security Bulletin: IBM MQ Console is affected by a security bypass vulnerability (CVE-2024-40681)
Summary IBM MQ has addressed a security bypass vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-40681 DESCRIPTION: IBM MQ could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. CVSS...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF002
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF002 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite...
Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs (CVE-2024-35151)
Summary A vulnerability caused by improper authorization checks could allow authenticated users access to sensitive information through APIs. Vulnerability Details CVEID:CVE-2024-35151 DESCRIPTION: IBM OpenPages with Watson could allow authenticated users access to sensitive information through...
Security Bulletin: Multiple vulnerabilities within WebSphere Application Server, IBM HTTP Server and Java affect IBM Tivoli Monitoring.
Summary Multiple vulnerabilities within WebSphere Application Server, IBM HTTP Server and Java, which are included as part of the IBM Tivoli Monitoring (ITM) portal server, have been remediated. Vulnerability Details CVEID:CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request...
Security Bulletin: Vulnerability in Golang Go affects watsonx.data
Summary Golang Go could allow a remote attacker to obtain sensitive information via a flaw in the Faccessat function when called with a non-zero flags parameter. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-29526 DESCRIPTION: Golang Go could allow a remote attacker to obta...
Security Bulletin: Vulnerability in QOS.CH reload4j affects watsonx.data
Summary QOS.CH reload4j could allow a remote attacker access to sensitive information or perform server-side attacks on watsonx.data. Vulnerability Details IBM X-Force ID: 294027 DESCRIPTION: QOS.CH reload4j allows a remote attacker to obtain sensitive information, caused by improper handling of X...
Security Bulletin: Vulnerability in QOS.ch Sarl Logback affects watsonx.data
Summary A serialization vulnerability in the logback receiver component of QOS.ch Sarl Logback allows an attacker to mount a denial-of-service attack on watsonx.data by sending poisoned data. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback...
Security Bulletin: Vulnerability in Go affects watsonx.data
Summary Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sendin...
Security Bulletin: Vulnerability in Elastic Elasticsearch-Hadoop affects watsonx.data
Summary Elastic Elasticsearch-Hadoop could allow the unsafe deserialization of Java objects from Hadoop or Spark configuration properties that could have been modified by authenticated users. As this occurs when the user has been authenticated, there is limited impact to watsonx.data. Vulnerabili...
Security Bulletin: Vulnerabilities in Eclipse Jetty and JUnit4 affect watsonx.data
Summary Eclipse Jetty could allow remote attackers to obtain sensitive information and JUnit4 could allow a local attacker to obtain sensitive information. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2019-10246 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain...
Security Bulletin: Vulnerability in Go affects watsonx.data
Summary The ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go have an unspecified error that returns an incorrect result which has an unknown impact and attack vector. watsonx.data may be affected by this. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified...
Security Bulletin: IBM HTTP Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server (CVE-2024-24795, CVE-2023-38709)
Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-24795 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by a flaw in multip...
Security Bulletin: Vulnerability in Eclipse Openj9 affects watsonx.data
Summary Eclipse Openj9 could allow a remote attacker to bypass security restrictions, where memory could be accessed or modified. This exploit can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security...
Security Bulletin: Vulnerability in Apache Hadoop affects watsonx.data
Summary For CVE-2018-11768, a remote attacker could exploit a vulnerability in Apache Hadoop caused by a mismatch in the size of the fields used to store user/group information between memory and disk representation. For CVE-2020-9492, a remote attacker could gain elevated privileges on the system,...
Security Bulletin: Vulnerability in Google OAuth Client Library affects watsonx.data
Summary Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side or to gai...
Security Bulletin: Vulnerability in Eclipse Jetty affects watsonx.data
Summary Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connection...