Lucene search
K

35702 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/11/08 8:8 a.m.35 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

10CVSS10AI score0.66594EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/07 10:3 p.m.59 views

Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2023-36328) due to tcl

Summary Vulnerability in tcl could allow a remote attacker to execute arbitrary code or cause a denial of service CVE-2023-36328. Vulnerability Details CVEID:CVE-2023-36328 DESCRIPTION: libtom libtommath is vulnerable to an integer buffer overflow, caused by improper bounds checking by mpgrow. By...

9.8CVSS8.2AI score0.01254EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/07 3:43 p.m.29 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS and privilege escalation

Summary These CVEs affect the operating system kernel. Vulnerability Details CVEID:CVE-2023-52340 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the ICMPv6 handling of "Packet Too Big". By sending a specially crafted IPV6...

9.8CVSS7.5AI score0.00978EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/07 1:42 p.m.26 views

Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities

Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: jshttp cookie could allow a remote attack...

7.5CVSS7.7AI score0.01414EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/07 7:43 a.m.33 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerability in Apache Tomcat

Summary OSS Scan Vulnerability - Apache Tomcat 8.5.70 & Apache Tomcat 8.5.75 with multiple CVEs and affecting Sterling Control Center v6.2.1. Vulnerability Details CVEID:CVE-2021-42340 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a memory leak flaw in WebSocket...

8.6CVSS9.9AI score0.73139EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/07 7:42 a.m.11 views

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM Java Buffer overflow in GC

Summary IBM Java: Buffer overflow in GC when using the -Xgc:concurrentScavenge option on IBM Z is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions,...

7.3CVSS5.7AI score0.00207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/07 4:32 a.m.34 views

Security Bulletin: IBM Security Guardium Key Lifecycle Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Guardium Key Lifecycle Manager. Vulnerability Details CVEID:CVE-2024-49817 DESCRIPTION: IBM Security Guardium Key Lifecycle Manager stores user credentials in configuration files which can be read by a loc...

7.5CVSS6.2AI score0.00453EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/06 7:44 p.m.8 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (Aug 2024)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/06 11:34 a.m.14 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tungstenite-0.20.1.crate CVE-2023-43669

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to tungstenite-0.20.1.crate CVE-2023-43669. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-43669 DESCRIPTION: Snapview Tungstenite crate for Rust is vulnerable t...

7.5CVSS6.7AI score0.0162EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/06 10:24 a.m.16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Injection - Cross Site Scripting Rule

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Injection - Cross Site Scripting Rule . This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-35146 DESCRIPTION: IBM Maximo Application Suite - Monitor Component is...

5.4CVSS6.6AI score0.00246EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/06 9:54 a.m.23 views

Security Bulletin: Multiple Vulnerabilities in Db2 affect IBM Cloud Pak Sytem

Summary Vulnerabilities in Db2 affect IBM Cloud Pak Sytem. Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using ...

7.5CVSS7.7AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/06 7:21 a.m.7 views

Security Bulletin: IBM Operations Analytics - Log Analysis is vulnerable to an XML External Entity Injection (XXE) vulnerability

Summary There is a potential XML External Entity Injection XXE vulnerability with reload4j library that is used in IBM Operations Analytics - Log Analysis. This has been addressed. Vulnerability Details IBM X-Force ID: 294027 DESCRIPTION: QOS.CH reload4j allow a remote attacker to obtain sensitiv...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/06 7:21 a.m.13 views

Security Bulletin: IBM Maximo Application Suite - MVI Component uses jose4j-0.9.3.jar which is vulnerable to this CVE-2023-51775

Summary Security Bulletin: IBM Maximo Application Suite - MVI Component uses jose4j-0.9.3.jar which is vulnerable to this CVE-2023-51775 Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially...

6.5CVSS6.9AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 10:7 p.m.39 views

Security Bulletin: AIX is affected by multiple vulnerabilities due to Python

Summary There are multiple vulnerabilities in Python used by AIX CVE-2024-45491, CVE-2024-45490, CVE-2024-45492, CVE-2024-7592, CVE-2024-8088, CVE-2024-6923. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2024-45491 DESCRIPTION: libexpat could...

9.8CVSS8.6AI score0.02303EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 8:53 p.m.20 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact (CVE-2023-50314)

Summary IBM WebSphere Application Server is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

7.5CVSS6.1AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 6:41 p.m.19 views

Security Bulletin: IBM Sterling Control Center is vulnerable to User Enumeration

Summary User Enumeration is affecting v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-35114 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts. CWE:CWE-204: Observable Response Discrepancy...

5.3CVSS6.8AI score0.00359EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 11:58 a.m.16 views

Security Bulletin: There is a vulnerability in plotly.js used by IBM Maximo Asset Management application (CVE-2023-46308)

Summary There is a vulnerability in plotly.js used by IBM Maximo Asset Management application CVE-2023-46308 Vulnerability Details CVEID:CVE-2023-46308 DESCRIPTION: Plotly plotly.js could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the...

9.8CVSS7.9AI score0.00936EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 9:2 a.m.33 views

Security Bulletin: Vulnerability in jgit affect Cloud Pak System [CVE-2023-4759]

Summary Vulnerability in jgit affect Cloud Pak System. IBM Cloud Pak System Addressed vulnerability CVE-2023-4759. Vulnerability Details CVEID:CVE-2023-4759 DESCRIPTION: Eclipse JGit could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of case...

8.8CVSS8.7AI score0.01884EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 8:39 a.m.16 views

Security Bulletin: IBM Sterling Control Center is vulnerable to Content spoofing

Summary IBM Sterling Control Center is vulnerable to Content Spoofing in v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-35111 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the...

4.3CVSS5.8AI score0.00344EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 8:38 a.m.26 views

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024

Summary IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...

7.5CVSS5.3AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 8:35 a.m.18 views

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2024 - Includes OpenJDK Apr 2024 CPU

Summary IBM Semeru Runtime Quarterly CPU - Apr 2024 is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impacts...

7.3CVSS6AI score0.01276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 8:30 a.m.18 views

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 - Includes Oracle July 2024 CPU

Summary IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high...

7.4CVSS5.3AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 8:27 a.m.24 views

Security Bulletin: IBM Sterling Control Center is vulnerable to IBM Semeru Runtime Quarterly CPU - Jul 2024 - Includes OpenJDK July 2024 CPU

Summary IBM Semeru Runtime Quarterly CPU - Jul 2024 is affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-21145 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low...

4.8CVSS7AI score0.01056EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 8:8 a.m.17 views

Security Bulletin: IBM Sterling Control Center is vulnerable due to Apache Commons issue

Summary Apache Commons is affecting IBM Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending...

7.3CVSS7.5AI score0.02054EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 8:3 a.m.14 views

Security Bulletin: IBM Sterling Control Center is vulnerable to Directory Listing

Summary Directory Listing is affecting v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-35113 DESCRIPTION: IBM Sterling Control Center could allow an authenticated user to obtain sensitive information exposed through a directory listing. CWE:CWE-548: Exposure of Information Through Directo...

6.5CVSS5.6AI score0.00311EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 7:59 a.m.22 views

Security Bulletin: IBM Sterling Control Center is vulnerable to Improper Error Handling

Summary Improper Error Handling is affecting v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-35112 DESCRIPTION: IBM Sterling Control Center could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information...

5.4CVSS5.8AI score0.00293EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/05 4:31 a.m.13 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch [CVE-2024-31583]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch, caused by a use-after-free flaw in the torch/csrc/jit/mobile/interpreter.cpp component CVE-2024-31583. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has...

7.8CVSS6.5AI score0.00266EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/04 6:15 p.m.20 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation.

Summary IBM PowerVM Novalink is vulnerable because VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression Language SpEL expression, a remote attacker could exploit this vulnerability to cause a deni...

4.3CVSS6.8AI score0.00536EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/04 6:11 p.m.17 views

Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty could allow an attacker with access to the network to conduct spoofing attacks. (CVE-2023-50314)

Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to...

7.5CVSS6.1AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/04 2:52 p.m.22 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to RCE vulnerability

Summary IBM DataPower Gateway does not support the affected character-set. Out of an abundance of caution, IBM has applied the remediation for this CVE. Vulnerability Details CVEID:CVE-2024-2961 DESCRIPTION: GNU C Library could allow a remote attacker to execute arbitrary code on the system, caus...

7.3CVSS7.8AI score0.8833EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/04 1:40 p.m.13 views

Security Bulletin: IBM CICS TX Advanced web pages are vulnerable to cross-site scripting and cross-site request forgery attacks.

Summary Webpages that are shipped as part of IBM CICS TX Advanced are vulnerable to cross-site scripting and cross-site request forgery attacks. Updates to IBM CICS TX Advanced have been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-41745 DESCRIPTION: IBM CICS TX...

8.8CVSS6.9AI score0.00258EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/04 12:36 p.m.35 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server. have been remediated Vulnerability Details CVEID:CVE-2024-45071 DESCRIPTION: IBM WebSphere Application Server is vulnerable to stored cross-site...

7.5CVSS7.5AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/01 10:12 p.m.32 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

9.1CVSS10AI score0.36081EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/01 10:5 p.m.41 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability...

9.1CVSS10AI score0.36081EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/01 9:38 p.m.13 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow [CVE-2023-33976]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a a segfault when not given a rank 2 tensor in the arrayops.upperbound function CVE-2023-33976. TensorFlow is used by our Speech Service runtimes. This...

7.5CVSS6.6AI score0.00429EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/01 6:35 p.m.23 views

Security Bulletin: IBM Aspera Console has improved security for user input validation (CVE-2011-4969)

Summary This Security Bulletin addresses a vulnerability that has been remediated in IBM Aspera Console 3.4.5 PL1. Vulnerability Details CVEID:CVE-2011-4969 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input when handling the...

4.3CVSS6.3AI score0.19191EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/01 3:4 p.m.13 views

Security Bulletin: A vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2023-50315)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about an information disclosure vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

5.9CVSS6.1AI score0.00268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/31 8:35 p.m.9 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Golang Go

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Golang Go. Vulnerability Details CVEID:CVE-2024-24787 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a flaw during build on darwin. By building a Go...

6.4CVSS8.5AI score0.01001EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/31 5:58 p.m.40 views

Security Bulletin: IBM MQ Explorer is affected by a vulnerability in the IBM Semeru Runtime (CVE-2024-21085)

Summary An issue was identified with IBM Semeru Runtime, Version 17, which is used in IBM MQ Explorer. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impacts. CVSS...

3.7CVSS4.8AI score0.01276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/31 4:35 p.m.26 views

Security Bulletin: IBM CICS TX Standard is vulnerable to Cross-site Scripting (Reflected) and Cross-Site Request Forgery (CSRF).

Summary Webpages that are shipped as part of IBM CICS TX Standard are vulnerable to Cross-site Scripting Reflected and Cross-Site Request Forgery CSFR. Updates to IBM CICS TX Standard have been released to address this vulnerability. Vulnerability Details CVEID:CVE-2024-41745 DESCRIPTION: IBM CIC...

8.8CVSS7.2AI score0.00258EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/31 4:25 p.m.62 views

Security Bulletin: Denial of service, DNS poisoning, and information disclosure might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in denial of service, DNS poisoning, and information disclosure. The vulnerabilities have been addressed. CVE-2024-34447, CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2024-45296, CVE-2023-44487, CVE-2024-29857...

7.5CVSS7.8AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/31 4:19 p.m.22 views

Security Bulletin: IBM TXSeries for Multiplatforms is vulnerable to attacks attempting to obtain sensitive information or determine valid usernames.

Summary Webpages that are shipped as part of IBM TXSeries for Multiplatforms are vulnerable to attacks attempting to obtain sensitive information or determine valid usernames. Updates to IBM TXSeries for Multiplatforms have been released to address this vulnerability. Vulnerability Details...

5.9CVSS6.4AI score0.00339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/31 2:57 p.m.14 views

Security Bulletin: IBM Db2 and IBM WebSphere Application Server traditional used by IBM Security Verify Governance have multiple vulnerabilities

Summary IBM Security Verify Governance ISVG ships with IBM Db2 and IBM WebSphere Application Server traditional. Information about security vulnerabilities affecting these dependencies has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS7.6AI score0.00901EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/30 5:8 p.m.25 views

Security Bulletin: A Security Vulnerability was fixed in IBM Security Verify Access. (CVE-2024-35133)

Summary An issue found in the IBM Security Verify Access OIDC code could allow a remote attacker to cause a Redirect URL vulerability Vulnerability Details CVEID:CVE-2024-35133 DESCRIPTION: IBM Security Verify Access OIDC Provider could allow a remote attacker to conduct phishing attacks, using a...

8.2CVSS7.2AI score0.0163EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/30 1:29 p.m.25 views

Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - July 2024 CPU

Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 V21.0.3 or IBM® Semeru Runtime 17 V24.0.0. Information about security vulnerabilities in these Java runtumes have been published. IBM Business Automation Workflow includes IBM Java 8. Vulnerability Details...

7.4CVSS7.1AI score0.01257EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/30 1:7 p.m.23 views

Security Bulletin: IBM QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...

7.5CVSS8.6AI score0.01386EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/30 11:8 a.m.18 views

Security Bulletin: Vulnerability in dojo affects IBM Business Automation Workflow - CVE-2021-23450

Summary IBM Business Automation Workflow packages an outdated version of dojo. A security addressing CVE-2021-23450 has been back ported to this version. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS8AI score0.30367EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/30 10:22 a.m.37 views

Security Bulletin: Unspecified Vulnerability in IBM Java SDK affect Cloud Pak System [CVE-2023-22045, CVE-2023-22049]

Summary Unspecified Vulnerability in IBM Java SDK affect WebSphere Application Server Patterns shipped with Cloud Pak System. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low...

3.7CVSS5AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/29 9:48 p.m.33 views

Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2023-50314)

Summary An issue was identified with IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could...

7.5CVSS5.8AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/29 9:47 p.m.60 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause...

7.4CVSS5.3AI score0.01257EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35702