
35059 matches found

IBM Security Bulletins
added 2024/09/03 8:5 p.m. | 29 views

Security Bulletin: Vulnerabilities in Netty affect watsonx.data

Summary Netty is vulnerable to HTTP request smuggling, to remote attacks causing weaker than expected security, and to denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw...

CVSS 9.1 | AI score 8.5 | EPSS 0.17932
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2024/09/03 7:51 p.m. | 26 views

Security Bulletin: IBM Security QRadar EDR Software has weaker than expected security due to an included component (CVE-2024-39689)

Summary IBM Security QRadar EDR Software includes a vulnerable component e.g., framework library that could be identified and exploited with automated tools. This has been addressed in an update. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker...

CVSS 7.5 | AI score 7.2 | EPSS 0.25805
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/09/03 2:18 p.m. | 43 views

Security Bulletin: IBM DataPower Gateway vulnerable to data truncation and DoS in Kerberos (CVE-2024-37370 & CVE-2024-37371)

Summary Kerberos is used by IBM DataPower Gateway as an optional authentication mechanism. Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT Kerberos 5 aka krb5 could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially craft...

CVSS 9.1 | AI score 8.5 | EPSS 0.02606
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/09/03 2:18 p.m. | 34 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to Node.js micromatch module (CVE-2024-4067)

Summary IBM DataPower Gateway uses the micromatch module in its UI. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in micromatch.braces in index.js. By sending a...

CVSS 5.3 | AI score 6.1 | EPSS 0.00171
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/09/03 11:18 a.m. | 33 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to Node.js Braces module (CVE-2024-4068)

Summary The Braces module is used by IBM DataPower Gateway in its UI Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a denial of service, caused by the failure to limit the number of characters it can handle. leading to a memory exhaustion in...

CVSS 7.5 | AI score 7.3 | EPSS 0.00305
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/09/03 11:9 a.m. | 13 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Dojo version 1.16.2

Summary A vulnerability has been identified in Dojo version 1.16.2 Prototype Pollution, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2020-5258 DESCRIPTION: Do...

CVSS 7.7 | AI score 8.9 | EPSS 0.0154
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/09/03 9:42 a.m. | 27 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.20 LTS, 12.0.3 LTS and 12.3.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...

CVSS 7.4 | AI score 5.7 | EPSS 0.00977
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/09/02 8:14 a.m. | 27 views

Security Bulletin: IBM Jazz Reporting Services is vulnerable to a to cross-site scripting (CVE-2020-4051)

Summary Cross-site scripting has been identified in dojo library shipped with IBM Jazz Reporting Services JRS. JRS has addressed the issues by releasing a fix Vulnerability Details CVEID:CVE-2020-4051 DESCRIPTION: Dijit is vulnerable to cross-site scripting, caused by improper validation of...

CVSS 5.4 | AI score 6.7 | EPSS 0.00216
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/09/02 7:14 a.m. | 21 views

Security Bulletin: IBM Maximo Application Suite uses Jinja2-3.1.3-py3-none-any.whl which is vulnerable to CVE-2024-34064.

Summary IBM Maximo Application Suite uses Jinja2-3.1.3-py3-none-any.whl which is vulnerable to CVE-2024-34064. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, cause...

CVSS 5.4 | AI score 5.9 | EPSS 0.0123
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/30 10:29 p.m. | 16 views

Security Bulletin: IBM MaaS360 has identified a vulnerability in the MaaS360 MDM for Android Application (CVE-2024-35118)

Summary A vulnerability was identified and remediated in the IBM MaaS360 MDM for Android Application Version 8.60 and Prior Vulnerability Details CVEID:CVE-2024-35118 DESCRIPTION: IBM MaaS360 Android agent v 8.55 and lower is using hard coded credentials that can be obtained by a user with physic...

CVSS 4.6 | AI score 4.3 | EPSS 0.00053
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/30 5:4 p.m. | 36 views

Security Bulletin: IBM Data Product Hub uses Node.js micromatch & braces modules which are vulnerable to a denial of service (CVE-2024-4067 & CVE-2024-4068)

Summary IBM Data Product Hub has dependencies on Node.js micromatch & braces modules which are vulnerable to a denial of service CVE-2024-4067 & CVE-2024-4068. This bulletin contains information regarding the vulnerabilities and their fixture. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION...

CVSS 7.5 | AI score 6.7 | EPSS 0.00305
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/08/30 5:4 p.m. | 16 views

Security Bulletin: IBM Data Product Hub is vulnerable with IBM Semeru Runtime Quarterly CPU - Apr 2024 (CVE-2024-21012)

Summary IBM Data Product Hub has a dependency on IBM Semeru Runtime which is vulnerable CVE-2024-21012. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21012 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

CVSS 3.7 | AI score 4 | EPSS 0.00146
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/30 4:59 p.m. | 15 views

Security Bulletin: IBM Data Product Hub uses IBM WebSphere Application Server Liberty which is vulnerable to a denial of service (CVE-2024-25026)

Summary IBM Data Product Hub has a dependency on IBM WebSphere Application Server Liberty which is vulnerable to a denial of service CVE-2024-25026. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSpher...

CVSS 7.5 | AI score 6.5 | EPSS 0.00021
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/30 1:25 p.m. | 43 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 279 Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with cookie request header not stripped...

CVSS 8.1 | AI score 6.9 | EPSS 0.06809
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/08/30 12:1 p.m. | 19 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to an information disclosure (CVE-2023-50315)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to an information disclosure. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Jaz...

CVSS 5.9 | AI score 5.5 | EPSS 0.00149
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/30 8:25 a.m. | 13 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to a vulnerability in IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE, which is impacted by CVE-2024-39747. Vulnerability Details CVEID:CVE-2024-39747 DESCRIPTION: IBM Sterling Connect:Direct Web Services uses default credentials for potentially critical functionality. CVSS Base score: 8.1 CVSS Tempor...

CVSS 9.8 | AI score 8.4 | EPSS 0.00081
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/30 8:4 a.m. | 15 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server is vulnerable to information disclosure (CVE-2023-50315)

Summary IBM WebSphere Application Server is vulnerable to information disclosure. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer to the security bulletins...

CVSS 5.9 | AI score 5.3 | EPSS 0.00149
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 11:40 p.m. | 39 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. These issues have been addressed by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for vulnerability impact...

CVSS 8.2 | AI score 7.3 | EPSS 0.00353
Exploits: 3 | Affected Software: 5

IBM Security Bulletins
added 2024/08/29 7:16 p.m. | 11 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF Vulnerability Details CVEID:CVE-2023-3618 DESCRIPTION: libtiff is vulnerable to a denial of service, caused by a segmentation fault in the Fax3Encode function at libtiff/tiffax3.c when...

CVSS 6.5 | AI score 7 | EPSS 0.00268
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 7:8 p.m. | 16 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF Vulnerability Details CVEID:CVE-2023-40745 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an integer overflow in tiffcp.c. By persuading a victim to open a special...

CVSS 6.5 | AI score 6.7 | EPSS 0.00281
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 7:6 p.m. | 22 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-30260 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with not clear Authorization...

CVSS 4.3 | AI score 4 | EPSS 0.00198
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 7:4 p.m. | 26 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-22019 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by an error when reading unprocessed HTTP request with unbounded chunk extension. By sendin...

CVSS 7.5 | AI score 6 | EPSS 0.0038
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 6:59 p.m. | 24 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Nginx Vulnerability Details CVEID:CVE-2024-32760 DESCRIPTION: F5 NGINX Plus and NGINX Open Source are vulnerable to a denial of service, caused by a flaw when configured to use the HTTP/3 QUIC module. By...

CVSS 6.5 | AI score 5.9 | EPSS 0.00832
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 6:58 p.m. | 16 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in werkzeug

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of werkzeug Vulnerability Details CVEID:CVE-2024-34069 DESCRIPTION: Pallets Werkzeug could allow a remote attacker to execute arbitrary code on the system, caused by improper usage of a pathname and improper CSR...

CVSS 7.5 | AI score 7.8 | EPSS 0.4365
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 6:55 p.m. | 18 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.2.6

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rexml-3.2.6 Vulnerability Details CVEID:CVE-2024-35176 DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By parsing a specially crafted XML content contains ma...

CVSS 5.3 | AI score 5.5 | EPSS 0.08428
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 6:53 p.m. | 22 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in rexml-3.2.8

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of rexml-3.2.8 Vulnerability Details CVEID:CVE-2024-39908 DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw. By sending a specially crafted request...

CVSS 4.3 | AI score 5.6 | EPSS 0.08335
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 6:36 p.m. | 24 views

Security Bulletin: Denial of Service Vulnerability in Node.js affect Cloud Pak System [CVE-2022-25758]

Summary Cloud Pak System uses Node.js for implementation of Cloud Pak System Common UI. Vulnerability Details CVEID:CVE-2022-25758 DESCRIPTION: Node.js scss-tokenizer module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS vulnerability in the...

CVSS 7.5 | AI score 6.2 | EPSS 0.00493
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 6:10 p.m. | 24 views

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to restrict...

CVSS 7.5 | AI score 6.4 | EPSS 0.00449
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 5:47 p.m. | 18 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.5 is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.5 is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability...

CVSS 7.4 | AI score 9.5 | EPSS 0.01156
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 5:43 p.m. | 24 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

CVSS 7.4 | AI score 9.5 | EPSS 0.01156
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 5:39 p.m. | 20 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.5 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.5 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

CVSS 7.5 | AI score 8.9 | EPSS 0.25805
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 5:37 p.m. | 18 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerability has been addressed in this update. Please read the details for remediation...

CVSS 7.5 | AI score 8.6 | EPSS 0.25805
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 3:48 p.m. | 38 views

Security Bulletin: IBM Concert is vulnerable to multiple issues due to Cloud Pak Openshift

Summary IBM Concert Software uses multiple open source libraries from Cloud Pak Openshift which are susceptible to various security vulnerabilities. Vulnerability Details CVEID:CVE-2020-12912 DESCRIPTION: AMD Energy Driver for Linux could allow a local attacker to obtain sensitive information,...

CVSS 7.8 | AI score 8.7 | EPSS 0.69905
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 3:33 p.m. | 26 views

Security Bulletin: IBM Security Guardium is affected by denial of service vulnerabilities (CVE-2024-24549, CVE-2024-23672, CVE-2024-0727, CVE-2023-6129)

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper input validation by the HTTP/2 header. By sending specially crafted HTTP/2 requests, a...

CVSS 7.5 | AI score 7.4 | EPSS 0.6439
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 6:56 a.m. | 22 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to information disclosure (CVE-2023-50314)

Summary IBM WebSphere Application Server Liberty is vulnerable to information disclosure. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Requirements Management DOORS Next, Global...

CVSS 7.5 | AI score 7.3 | EPSS 0.00149
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/29 6:50 a.m. | 25 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 are affected by multiple vulnerabilities

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2024 Critical Patch Update, plus CVE-2024-27267. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...

CVSS 5.9 | AI score 6 | EPSS 0.00022
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/28 10:2 p.m. | 128 views

Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary code due to a signal handler race condition. [CVE-2024-6387]

Summary OpenSSH used by IBM i is vulnerable to a remote attacker executing arbitrary code due to a signal handler race condition as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section...

CVSS 8.1 | AI score 8.5 | EPSS 0.65792
Exploits: 68 | Affected Software: 2

IBM Security Bulletins
added 2024/08/28 6:58 p.m. | 54 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a statement is run on columnar tables under specific conditions (CVE-2023-50308)

Summary IBM® Db2® under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. Vulnerability Details CVEID:CVE-2023-50308 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server under...

CVSS 6.5 | AI score 6.9 | EPSS 0.00062
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/28 10:52 a.m. | 20 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-318...

CVSS 7.5 | AI score 8.2 | EPSS 0.00427
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/27 9:33 p.m. | 37 views

Security Bulletin: Multiple Security Vulnerabilities discovered in IBM Security Verify Directory products

Summary Several Security Vulnerabilities discovered in the IBM Security Verify Directory Integrator provided by IBM Security Verify Directory Products have been addressed by an update Vulnerability Details CVEID:CVE-2017-9735 DESCRIPTION: Jetty could allow a remote attacker to obtain sensitive...

CVSS 9.8 | AI score 8.7 | EPSS 0.9026
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2024/08/27 9:27 p.m. | 36 views

Security Bulletin: Security Vulnerabilities discovered in IBM Security Verify Directory (CVE-2022-32753, CVE-2022-32756, CVE-2022-32754)

Summary Security Vulnerabilities discovered in Web Admin Tool provided by IBM Security Verify Directory products have been resolved. Vulnerability Details CVEID:CVE-2022-32753 DESCRIPTION: IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an...

CVSS 6.5 | AI score 5.4 | EPSS 0.00114
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2024/08/27 9:24 p.m. | 12 views

Security Bulletin: Multiple Security Vulnerabilities have been identified in IBM Java Technology Edition as shipped with IBM Security Directory Products

Summary Multiple Security Vulnerabilities have been fixed in the IBM Java Technology Edition as shipped with the IBM Security Directory Products. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Version...

AI score 7.2
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2024/08/27 8:23 p.m. | 22 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer.

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are...

CVSS 7.5 | AI score 6.4 | EPSS 0.00021
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/27 7:37 p.m. | 41 views

Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access Appliance. (CVE-2023-1206)

Summary The Linux Kernel as shipped on the IBM Security Verify Access Appliance has a denial of service vulnerability in the IPv6 connection lookup table. This has been fixed in the IBM Security Verify Access Appliance 10.0.8.0 IF1. Vulnerability Details CVEID:CVE-2023-1206 DESCRIPTION: Linux...

CVSS 5.7 | AI score 6.9 | EPSS 0.0004
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/27 5:15 p.m. | 29 views

Security Bulletin: There are multiple vulnerabilities that affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary There are multiple vulnerabilities that affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. Updates for CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have been released to address these vulnerabilities...

CVSS 7.5 | AI score 6.6 | EPSS 0.00449
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2024/08/27 9:36 a.m. | 20 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional is vulnerable to information disclosure (CVE-2023-50315).

Summary The security issue described in CVE-2023-50315 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 5.9 | AI score 5.5 | EPSS 0.00149
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/26 5:29 p.m. | 33 views

Security Bulletin: Denial of service and server-side request forgery might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availability issues. The vulnerabilities have been addressed. CVE-2024-39249, CVE-2024-39338 Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of...

CVSS 7.5 | AI score 7.8 | EPSS 0.02141
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/08/26 4:50 p.m. | 20 views

Security Bulletin: IBM SPSS Statistics not affected: "Java deserialization filters (JEP 290) ignored during IBM ORB deserialization"

Summary This vulnerability in the JRE does not affect Statistics. IBM SPSS Statistics does not use the Internet InterORB Protocol IIOP for interprocess communication. Instead it uses its own proprietary messaging architecture. Also, users who configure SSL for client-server installations are als...

AI score 6.8
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/26 4:34 p.m. | 20 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2024-37890)

Summary There is a vulnerability in Node.js ws module used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a...

CVSS 7.5 | AI score 7.4 | EPSS 0.00541
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/08/26 4:32 p.m. | 28 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 17 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified...

CVSS 7.3 | AI score 5.7 | EPSS 0.00146
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 35059