Lucene search
K

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/02 4:8 p.m.•25 views

Security Bulletin: Mutiple vulnerabilites in Python affect IBM Robotic Process Automation

Summary Mutiple vulnerabilites in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2019-11236 DESCRIPTION: Python urllib...

6.5CVSS6.7AI score0.02056EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/02 3:58 p.m.•27 views

Security Bulletin: A vulnerability in Microsoft .NET Core may affect IBM Robotic Process Automation and result in a remote attacker obtaining sensitive information (CVE-2018-8292).

Summary Microsoft .NET Core is used by IBM Robotic Process Automation as part of the development platform CVE-2018-8292. Vulnerability Details CVEID:CVE-2018-8292 DESCRIPTION: Microsoft .NET Core could allow a remote attacker to obtain sensitive information, caused by an open redirect...

7.5CVSS7.4AI score0.14833EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/02 3:56 p.m.•23 views

Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip...

8.8CVSS8.4AI score0.03028EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/02 3:55 p.m.•24 views

Security Bulletin: A vulnerability in Python affects IBM Robotic Process Automation and could allow a remote authenticated attacker to obtain sensitive information (CVE-2023-43804).

Summary A vulnerability in Python affects IBM Robotic Process Automation and could allow a remote authenticated attacker to obtain sensitive information CVE-2023-43804. IBM Robotic Process Automation uses Python as part of NLP and Abbyy. This security bulletin identifies the fixes that are requir...

8.1CVSS8.8AI score0.01207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/02 3:46 p.m.•18 views

Security Bulletin: Multiple vulnerabilies in Go affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple vulnerabilies in Go affect IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation as part of it's operators. This bulletin identifies the fixes to resovle the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21626 DESCRIPTION: Open Contain...

8.6CVSS7.4AI score0.18087EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/12/02 8:30 a.m.•26 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 286 Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A...

6.5CVSS7AI score0.01129EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/28 3:48 p.m.•45 views

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 284 Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing HTTP/2 server push. By sending a specially...

9.8CVSS9.4AI score0.36081EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/28 9:5 a.m.•20 views

Security Bulletin: Security vulnerabilities may affect IBM Java shipped with IBM TXSeries for Multiplatforms.

Summary Security vulnerabilities may affect IBM Java shipped with IBM TXSeries for Multiplatforms. Updates to IBM TXSeries for Multiplatforms have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE relate...

7.4CVSS6.8AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/27 5:0 p.m.•43 views

Security Bulletin: Financial Transaction Manager v4 is impacted by multiple vulnerabilities in IBM Java SE

Summary Multiple vulnerabilities were addressed in Financial Transaction Manager v4.0.6.0 iFix4 Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity...

7.5CVSS6.3AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/27 4:34 p.m.•22 views

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary There are multiple vulnerabilities in Open JDK used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21208 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM for JDK,...

3.7CVSS6.9AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/27 4:29 p.m.•27 views

Security Bulletin: Financial Transaction Manager v4 is impacted by multiple vulnerabilities in WebSphere Liberty

Summary Multiple vulnerabilities were addressed in Financial Transaction Manager 4.0.6.0 iFix4 Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...

7.5CVSS7.4AI score0.01278EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/27 2:26 p.m.•33 views

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Buffer Overflow, Server Side Request Forgery SSRF and Improper Error Handling vulnerabilities. Please refer to the tabl...

8.8CVSS10AI score0.4644EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/26 9:12 p.m.•14 views

Security Bulletin: The IBM® Engineering Lifecycle Management is vulnerable to cross-site scripting

Summary A cross-site scripting vulnerability has been identified on the URL "/jts/auth/authrequired". The web-url does not properly sanitise and escape xss payload before out-putting a 'layout' parameter that users supply to the response body leading to a Cross Site Scripting attack. This bulleti...

6.1CVSS5.4AI score0.00288EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/26 9:10 p.m.•16 views

Security Bulletin: Insufficient verification of data authenticity might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable to insufficient verification of data authenticity. The vulnerability has been addressed. CVE-2023-37920 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tugra root certificate in...

9.8CVSS6.7AI score0.00468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/26 5:37 p.m.•17 views

Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability

Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability. Vulnerability Details CVEID:CVE-2024-52899 DESCRIPTION: IBM Data Virtualization Manager for z/OS could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server...

8.8CVSS7.4AI score0.00773EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/26 9:40 a.m.•62 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF004 Vulnerability Details CVEID:CVE-2024-38821 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security...

9.8CVSS9.1AI score0.66594EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/25 1:57 p.m.•20 views

Security Bulletin: IBM Workload Scheduler stores user credentials in plain text.

Summary IBM Workload Scheduler stores user credentials in plain text which can be read by a local user. CVE-2024-49351 Vulnerability Details CVEID:CVE-2024-49351 DESCRIPTION: IBM Workload Scheduler stores user credentials in plain text which can be read by a local user. CWE:CWE-256: Plaintext...

5.5CVSS6.2AI score0.00146EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/25 5:3 a.m.•13 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Repodebug

Summary Repodebug shows Oracle password in the plain text. This only occurs with Oracle DB. Customer observed that repodebug shows the database username and password for Oracle jdbc connections which is a vulnerability. This bulletin contains information regarding the remediation actions...

7.5CVSS6.7AI score0.01204EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/25 5:0 a.m.•15 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in User Dashboards

Summary A vulnerability was reported in dashboard during pen testing. User's dashboard could be changed with a PUT request which did not check the user's identity, and this request enabled a user to change any dashboard the user has read access to. This bulletin contains information regarding the...

5.3CVSS6AI score0.00402EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 8:17 p.m.•15 views

Security Bulletin: Apache uimaj-core.jar security vulnerability CVE-2017-15691

Summary Apache uimaj-core.jar security vulnerability CVE-2017-15691 in FileNet Content Manager FNCM Content Search Services CSS/Enterprise Content Management Text Search ECMTS. CSS/ECMTS is affected and is potentially vulnerable. Vulnerability Details CVEID:CVE-2017-15691 DESCRIPTION: Apache uima...

6.5CVSS5.8AI score0.09021EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 6:2 p.m.•45 views

Security Bulletin: Security Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processe...

7.5CVSS7.4AI score0.02114EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 4:52 p.m.•18 views

Security Bulletin: This Power System update is being released to address CVE-2022-0480 and CVE-2023-6531

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-0480 an...

7CVSS7AI score0.00272EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 4:10 p.m.•17 views

Security Bulletin: Security vulnerabilities fixed in IBM Security Directory Suite (CVE-2022-33167, CVE-2022-32754, CVE-2022-33162)

Summary Security vulnerabilities found in IBM Security Directory Integrator as shipped with IBM Security Directory Suite were fixed. Vulnerability Details CVEID:CVE-2022-33167 DESCRIPTION: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a...

9.8CVSS6.7AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 4:0 p.m.•44 views

Security Bulletin: Security vulnerability discovered in IBM Security Directory Server and IBM Security Verify Directory (CVE-2022-32754)

Summary IBM Security Verify Directory and IBM Security Directory Server addressed a cross-site scripting vulnerability in the web administration tool. Vulnerability Details CVEID:CVE-2022-32754 DESCRIPTION: IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This...

4.8CVSS5.7AI score0.00321EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 1:25 p.m.•16 views

Security Bulletin: Financial Transaction Manager for Digital Payments is impacted by an information disclosure vulnerability in WebSphere Application Server Liberty

Summary An information disclosure vulnerability has been addressed in Financial Transaction Manager 3.2.13 for Digital Payments, Corporate Payment Services and High Value Payments. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through...

7.5CVSS5.9AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 1:16 p.m.•29 views

Security Bulletin: Financial Transaction Manager for Digital Payments is impacted by multiple vulnerabilities in IBM Java SE

Summary Multiple vulnerabilities were addressed in Financial Transaction Manager 3.2.13 for Digital Payments, Corporate Payment Services and High Value Payments. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow...

7.4CVSS7.1AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 12:54 p.m.•30 views

Security Bulletin: BM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-47875)

Summary IBM Sterling Connect:Direct Web Services uses DOMPurify as a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolera...

10CVSS9AI score0.01093EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 12:53 p.m.•24 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by DOMPurify vulnerability (CVE-2024-45801)

Summary IBM Sterling Connect:Direct Web Services uses DOMPurify could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in depth check. Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify could allow a remote attacker to execute...

7.3CVSS7.7AI score0.00844EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 4:4 a.m.•34 views

Security Bulletin: Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services [CVE-2016-1000027]

Summary There is a vulnerability in Spring Framework that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM SPSS Collaboration and Deployment Services This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2016-1000027...

9.8CVSS8.1AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 3:57 a.m.•4 views

Security Bulletin: Multiple vulnerabilities may affect IBM SPSS Analytic Server

Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty were addressed in IBM SPSS Analytic Server. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM SPSS Analyt...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/22 3:54 a.m.•20 views

Security Bulletin: IBM SPSS Analytic Server has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2022-48285)

Summary IBM SPSS Analytic Server has addressed multiple security vulnerabilities CVE-2022-48285, CVE-2022-48285 Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files...

7.3CVSS7.6AI score0.01411EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 10:2 p.m.•25 views

Security Bulletin: IBM Technical Support Appliance - possible degraded performance or excessive CPU usage

Summary Domain Name Service DNS messaging is used to resolve hostnames to IP addresses. Vulnerability Details CVEID:CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when content is being added or updated in resolver caches and authoritative zone databas...

7.5CVSS7.2AI score0.02114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 9:57 p.m.•16 views

Security Bulletin: IBM Technical Support Appliance - possible access to stale data

Summary Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. Vulnerability Details CVEID:CVE-2023-31346 DESCRIPTION: AMD SEV-SNP Firmware could allow a local authenticated attacker to obtain sensitive information, caused by the failu...

6CVSS5.9AI score0.00309EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 9:46 p.m.•46 views

Security Bulletin: IBM Technical Support Appliance - possible excessive CPU usage or denial of service

Summary DNS protocol allows teh IBM Technical Suport Appliance to resolve hostnames to their corresponding IP address. Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS messages. By flooding the target...

7.5CVSS7.1AI score0.99995EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 9:37 p.m.•19 views

Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information

Summary RSA-PSK key exchange occurs when establishing a connection from a web browser to the IBM Technical Support Appliance web UI. Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive information. By perform a timing side-channel attack...

7.5CVSS6.5AI score0.01614EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 9:35 p.m.•24 views

Security Bulletin: IBM Technical Support Appliance - possible exposure of sensitive information

Summary RSA-PSK key exchange occurs when establishing a connection from a web browser to the IBM Technical Support Appliance web UI. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing sidechannel issu...

5.9CVSS6.3AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 9:27 p.m.•37 views

Security Bulletin: IBM Technical Suppport Appliance - possible security flaws or denial of service

Summary Numerous fixes to the Linux kernel for reported issues related to various security vulnerabilities such as demnial of service, unauthorized access, or leakage of sensitive data. Vulnerability Details CVEID:CVE-2021-43975 DESCRIPTION: Linux Kernel could allow a local authenticated attacker...

8.8CVSS9.4AI score0.03882EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 11:47 a.m.•22 views

Security Bulletin: IBM SPSS Analytic Server is affected by vulnerability in Netty (CVE-2022-41915)

Summary Netty is used by IBM SPSS Analytic Server. The latest patch includes Netty 4.1.109.Final to fix the vulnerability. Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an...

6.5CVSS6.4AI score0.00885EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 7:31 a.m.•27 views

Security Bulletin: Vulnerability in jetty-http affects IBM Integrated Analytics System[CVE-2023-36478]

Summary The jetty-http package is used by IBM Integrated Analytics System. IBM Integrated Anayltics System has addresed the applicable CVE CVE-2023-36478. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and...

7.5CVSS7AI score0.03754EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 7:22 a.m.•14 views

Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime

Summary The IBM SPSS Collaboration and Deployment Services using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2023 - Includes Oracle April 2023 CPU is vulnerable to CVE-2023-2597. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the...

9.1CVSS6.5AI score0.00422EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 7:19 a.m.•12 views

Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime

Summary The IBM SPSS Collaboration and Deployment Services using IBM Semeru Runtime Quarterly CPU - Jan 2024 - Includes OpenJDK Jan 2024 CPU plus CVE-2024-22361. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS6.5AI score0.00323EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 7:16 a.m.•12 views

Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime

Summary The IBM SPSS Collaboration and Deployment Services using BM SDK, Java Technology Edition Quarterly CPU - Jan 2024 -Includes Oracle July 2024 CPU plus CVE-2024-27267. These vulnerabilities are addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

5.9CVSS6.4AI score0.00445EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/21 5:5 a.m.•5 views

Security Bulletin: The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime

Summary The IBM SPSS Collaboration and Deployment Services impacted by multiple vulnerabilities disclosed in IBM Semeru Runtime Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- SPSS...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/20 9:52 p.m.•6 views

Security Bulletin: IBM Data Virtualization Manager for z/OS has a remote code execution (RCE) vulnerability

Summary IBM Data Virtualization Manager for z/OS has a remote code execution RCE vulnerability in the JDBC component with fix pack dvm-jdbc-3.1.202406111013. Vulnerability Details CVEID: NA Description: Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during...

7.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/20 4:56 p.m.•23 views

Security Bulletin: AIX is vulnerable to a denial of service due to ISC BIND

Summary Multiple vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service CVE-2024-0760, CVE-2024-1737, CVE-2024-4076, CVE-2024-1975. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2024-0760 DESCRIPTION: ISC BIND is vulnerable to a...

7.5CVSS8AI score0.0468EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/20 3:25 p.m.•28 views

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable...

7.5CVSS5.8AI score0.00932EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/20 3:23 p.m.•31 views

Security Bulletin: IBM QRadar Pre-Validation App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...

7.5CVSS9.7AI score0.58768EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/20 2:59 p.m.•32 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about the security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

8.8CVSS8AI score0.01163EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/20 1:56 p.m.•35 views

Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2019-8331 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting,...

10CVSS9.2AI score0.1686EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/11/20 1:37 p.m.•15 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure which is vulnerable to this CVE-2023-50314

Summary Security Bulletin:IBM WebSphere Application Server Liberty is vulnerable to information disclosure which is vulnerable to this CVE-2023-50314. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM...

7.5CVSS7AI score0.00254EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35702