35059 matches found

IBM Security Bulletins
added 2024/08/09 11:19 a.m. (31 views)

Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to CVE-2023-51775 a denial of service due to jose4j

Summary IBM Maximo Application Suite - Monitor Component uses jose4j which is vulnerable to CVE-2023-51775. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by...

CVSS 6.5 | AI score 6.6 | EPSS 0.00383
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/09 11:19 a.m. (15 views)

Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to multiple CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is vulnerable to multiple CVEs. This bulletin identifies the steps to take to address the vulnerabilities. List of CVEs: CVE-2024-22353, CVE-2023-50312, CVE-2024-27270. Vulnerability Details...

CVSS 7.5 | AI score 6.6 | EPSS 0.00088
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/09 10:05 a.m. (25 views)

Security Bulletin: There is a vulnerability in commons-compress-1.21.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-25710, CVE-2024-26308)

Summary There is a vulnerability in commons-compress-1.21.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading...

CVSS 8.1 | AI score 6.5 | EPSS 0.00392
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/09 10:03 a.m. (26 views)

Security Bulletin: There is a vulnerability in commons-compress-1.21.jar used by IBM Maximo Asset Management application (CVE-2024-25710, CVE-2024-26308)

Summary There is a vulnerability in commons-compress-1.21.jar used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a...

CVSS 8.1 | AI score 6.6 | EPSS 0.00392
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/09 5:50 a.m. (24 views)

Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by Java JWT vulnerability

Summary IBM Sterling Connect:Direct Web Service is vulnerable to JJWT version 0.9.1. Connect:Direct Web Services has upgraded to version 0.12.5 to address CVE-2024-31033. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka...

CVSS 6.8 | AI score 6.8 | EPSS 0.00391
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/09 4:51 a.m. (15 views)

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using the -Xgc:concurrentScavenge option on IBM Z is vulnerable to Buffer overflow in GC

Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Jazz...

CVSS 7.3 | AI score 5.6 | EPSS 0.00068
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/09 4:50 a.m. (16 views)

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server is vulnerable to identity spoofing. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer to the security bulletins listed ...

CVSS 8.8 | AI score 8.5 | EPSS 0.00134
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/09 4:46 a.m. (22 views)

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Refer ...

CVSS 4.8 | AI score 5 | EPSS 0.00309
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/09 4:45 a.m. (16 views)

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server is vulnerable to remote code execution (CVE-2024-35154)

Summary IBM WebSphere Application Server is vulnerable to a remote code execution vulnerability in the administrative console. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerabilit...

CVSS 7.2 | AI score 7.4 | EPSS 0.00285
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 9:45 p.m. (28 views)

Security Bulletin: IBM Aspera Shares improved security for user session handling (CVE-2023-38018)

Summary IBM Aspera Shares has addressed a vulnerability related to user session handling. Vulnerability Details CVEID:CVE-2023-38018 DESCRIPTION: IBM Aspera Shares does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system...

CVSS 6.3 | AI score 5.8 | EPSS 0.00072
Exploits 0 | Affected Software 5
IBM Security Bulletins
added 2024/08/08 8:07 p.m. (27 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Rack ( CVE-2024-26146 )

Summary Rack is used by IBM Cloud Pak for Data as part of the platform. CVE-2024-26146. Vulnerability Details CVEID:CVE-2024-26146 DESCRIPTION: Rack is vulnerable to a denial of service, caused by improper validation of user-supplied input by the header parsing process. By sending a specially...

CVSS 7.5 | AI score 5.6 | EPSS 0.00775
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 8:04 p.m. (21 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to regular expression denial of service due to Rack ( CVE-2023-27539 )

Summary Rack is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-27539. Vulnerability Details CVEID:CVE-2023-27539 DESCRIPTION: Rack is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the header parsing component. By sending a...

CVSS 5.3 | AI score 7.1 | EPSS 0.00364
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 8:01 p.m. (16 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js semver ( CVE-2022-25883 )

Summary Node.js semver is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25883. Vulnerability Details CVEID:CVE-2022-25883 DESCRIPTION: Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the new Range...

CVSS 7.5 | AI score 8 | EPSS 0.00581
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 7:58 p.m. (20 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler ( CVE-2022-41724 CVE-2021-34558 )

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-41724 CVE-2021-34558. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending...

CVSS 7.5 | AI score 7.4 | EPSS 0.00917
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 7:08 p.m. (18 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to exposing sensitive information due to Masterminds GoUtils ( CVE-2021-4238 )

Summary Masterminds GoUtils is used by IBM Cloud Pak for Data as part of the platform. CVE-2021-4238. Vulnerability Details CVEID:CVE-2021-4238 DESCRIPTION: Masterminds GoUtils could allow a remote attacker to obtain sensitive information, caused by an issue with randomly-generated alphanumeric...

CVSS 9.1 | AI score 8.8 | EPSS 0.00336
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 7:02 p.m. (33 views)

Security Bulletin: This Power System update is being released to address CVE-2024-41660

Summary The BMC's service location protocol SLP service is vulnerable to an attacker who has network access to the BMC causing a buffer overflow which could lead to arbitrary code execution on the BMC. Vulnerability Details CVEID:CVE-2024-41660 DESCRIPTION: OpenBMC slpd-lite is vulnerable to a...

CVSS 9.8 | AI score 10 | EPSS 0.00108
Exploits 0
IBM Security Bulletins
added 2024/08/08 6:57 p.m. (20 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js http-cache-semantics module ( CVE-2022-25881 )

Summary Node.js http-cache-semantics module is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...

CVSS 7.5 | AI score 7.6 | EPSS 0.00175
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 6:47 p.m. (25 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Express.js ( CVE-2022-24999 )

Summary Express.js is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-24999. Vulnerability Details CVEID:CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of...

CVSS 7.5 | AI score 8.1 | EPSS 0.01543
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 6:35 p.m. (16 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Pallets Werkzeug ( CVE-2023-46136 )

Summary Pallets Werkzeug is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-46136. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by a flaw when parsing multipart/form-data containing a large part with CR/LF...

CVSS 8 | AI score 7.2 | EPSS 0.00877
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 6:26 p.m. (18 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to cross-site scripting due to Jinja2 ( CVE-2024-34064 )

Summary Jinja2 is used by IBM Cloud Pak for Data as part of the installation operator. CVE-2024-34064. Vulnerability Details CVEID:CVE-2024-34064 DESCRIPTION: Jinja is vulnerable to cross-site scripting, caused by the acceptance of keys containing non-attribute characters by the xmlattr filter. A...

CVSS 5.4 | AI score 5.9 | EPSS 0.0123
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 6:23 p.m. (12 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to session hijacking due to Node.js passport module ( CVE-2022-25896 )

Summary Node.js passport module is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25896. Vulnerability Details CVEID:CVE-2022-25896 DESCRIPTION: Node.js passport module could allow a remote attacker to hijack a user's session, caused by a session fixation vulnerability. An...

CVSS 5.8 | AI score 6.3 | EPSS 0.00164
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 6:16 p.m. (21 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Node.js cookiejar module ( CVE-2022-25901 )

Summary Node.js cookiejar module is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-25901. Vulnerability Details CVEID:CVE-2022-25901 DESCRIPTION: Node.js cookiejar module is vulnerable to a denial of service, caused by an insecure regular expression in the Cookie.parse function....

CVSS 7.5 | AI score 8 | EPSS 0.00069
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 5:38 p.m. (30 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to unknown impact and attack vector due to Python certifi ( CVE-2022-23491 )

Summary Python certifi is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-23491. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that produced spyware in Certifi has an unknown impact and attack...

CVSS 7.5 | AI score 7.2 | EPSS 0.00067
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 5:29 p.m. (39 views)

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

CVSS 8.8 | AI score 9.7 | EPSS 0.91924
Exploits 20 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 5:27 p.m. (38 views)

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Vim-minimal Package Issues. This package has been removed from the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediatio...

CVSS 9.8 | AI score 8.8 | EPSS 0.03907
Exploits 12 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 5:17 p.m. (52 views)

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2024.

Summary In addition to many OS level updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF035 and 24.0.0-IF001. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could...

CVSS 8.7 | AI score 9.9 | EPSS 0.03759
Exploits 4 | Affected Software 2
IBM Security Bulletins
added 2024/08/08 5:11 p.m. (45 views)

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF001

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF001 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitra...

CVSS 8.8 | AI score 8.1 | EPSS 0.25805
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:55 p.m. (27 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to cross-site scripting due to Jinja ( CVE-2024-22195 )

Summary Jinja is used by IBM Cloud Pak for Data as part of the platform. CVE-2024-22195. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Pallets Jinja is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the xmlattr filter. A remote authenticated...

CVSS 6.1 | AI score 5.9 | EPSS 0.00151
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:50 p.m. (27 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to obtain sensitive information due to Node.js undici ( CVE-2023-45143 )

Summary Node.js undici is used by IBM Cloud Pak for Data as part of the . CVE-2023-45143. Vulnerability Details CVEID:CVE-2023-45143 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to clear cookie header on...

CVSS 3.9 | AI score 5.3 | EPSS 0.00116
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:47 p.m. (29 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to exposing sensitive information due to Undici ( CVE-2024-24758 )

Summary Undici is used by IBM Cloud Pak for Data as part of the platform. CVE-2024-24758. Vulnerability Details CVEID:CVE-2024-24758 DESCRIPTION: Undici could allow a remote authenticated attacker to obtain sensitive information, caused by improper neutralization of Proxy-Authentication headers. ...

CVSS 4.5 | AI score 5.2 | EPSS 0.00278
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:45 p.m. (27 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass security restriction due to Node.js undici module ( CVE-2024-30261, CVE-2024-30260 )

Summary Node.js undici module is used by IBM Cloud Pak for Data as part of the platform. CVE-2024-30261, CVE-2024-30260. Vulnerability Details CVEID:CVE-2024-30261 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw with...

CVSS 4.3 | AI score 4 | EPSS 0.00198
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:42 p.m. (22 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to json-jwt ( CVE-2023-51774 )

Summary json-jwt is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-51774. Vulnerability Details CVEID:CVE-2023-51774 DESCRIPTION: json-jwt could allow a remote attacker to bypass security restrictions, caused by a sign/encryption confusion attack. By sending a specially crafted...

CVSS 8.4 | AI score 8.2 | EPSS 0.00011
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:38 p.m. (21 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to xml2js ( CVE-2023-0842 )

Summary xml2js is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-0842. Vulnerability Details CVEID:CVE-2023-0842 DESCRIPTION: xml2js could allow a remote attacker to bypass security restrictions, caused by the failure to properly validate incoming JSON keys, allowing the proto...

CVSS 5.3 | AI score 5.4 | EPSS 0.00291
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:36 p.m. (28 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable due to nth-check ( CVE-2021-3803 )

Summary nth-check is used by IBM Cloud Pak for Data as part of the platform. CVE-2021-3803. Vulnerability Details CVEID:CVE-2021-3803 DESCRIPTION: nth-check is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw. By sending a specially-crafted regex inpu...

CVSS 7.5 | AI score 7.3 | EPSS 0.00166
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:28 p.m. (43 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable due to k8s.io/kubernetes ( CVE-2023-2728, CVE-2023-2727, CVE-2023-5408, CVE-2023-3955, CVE-2023-3676 )

Summary k8s.io/kubernetes is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-2728, CVE-2023-2727, CVE-2023-5408, CVE-2023-3955, CVE-2023-3676. Vulnerability Details CVEID:CVE-2023-2728 DESCRIPTION: Kubernetes could allow a remote authenticated attacker to bypass security...

CVSS 8.8 | AI score 7.3 | EPSS 0.40738
Exploits 3 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:20 p.m. (47 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to go modules used in nginx ( CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723 )

Summary Nginx is used by IBM Cloud Pak for Data as part of the web interface. CVE-2023-24532, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods o...

CVSS 7.5 | AI score 6.9 | EPSS 0.00264
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:17 p.m. (29 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to resource exhaustion attack due to github.com/Cloudflare/cfssl ( CVE-2023-39533 )

Summary github.com/Cloudflare/cfssl is used by IBM Cloud Pak for Data. CVE-2023-39533. Vulnerability Details CVEID:CVE-2023-39533 DESCRIPTION: libp2p go-libp2p is vulnerable to a denial of service, caused by a flaw during the signature verification. By sending a specially crafted request using...

CVSS 7.5 | AI score 7.3 | EPSS 0.00126
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:15 p.m. (84 views)

Security Bulletin: IBM DataPower Gateway vulnerable to XML Entity Expansion attack in Web UI (CVE-2022-31775)

Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2022-31775 DESCRIPTION: IBM DataPower Gateway is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memo...

CVSS 9.1 | AI score 7.3 | EPSS 0.0028
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 3:05 p.m. (30 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to python ( CVE-2022-45061 )

Summary Python is used by IBM Cloud Pak for Data. CVE-2022-45061. Vulnerability Details CVEID:CVE-2022-45061 DESCRIPTION: Python is vulnerable to a denial of service, caused by an unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder. By sendi...

CVSS 7.5 | AI score 7.5 | EPSS 0.0013
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 2:57 p.m. (31 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to signature forgery attack due to browserify-sign ( CVE-2023-46234 )

Summary Package browserify-sign is used by IBM Cloud Pak for Data. CVE-2023-46234. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify browserify-sign could allow a remote attacker to bypass security restrictions, caused by an upper bound check issue in the dsaVerify function. By...

CVSS 7.5 | AI score 7.4 | EPSS 0.00433
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 2:49 p.m. (28 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to arbitrary code execution during compilation due to traverse ( CVE-2023-45133 )

Summary Package traverse is used by IBM Cloud Pak for Data. CVE-2023-45133. Vulnerability Details CVEID:CVE-2023-45133 DESCRIPTION: Babel could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the path.evaluateor path.evaluateTruthy. By using a specially crafted...

CVSS 9.3 | AI score 8.8 | EPSS 0.00093
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 2:44 p.m. (29 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to fast-xml-parser ( CVE-2023-34104 )

Summary Package fast-xml-parser is used by IBM Cloud Pak for Data. CVE-2023-34104. Vulnerability Details CVEID:CVE-2023-34104 DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the Doctype Entities...

CVSS 7.5 | AI score 7.3 | EPSS 0.00575
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 2:38 p.m. (19 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to possible denial of service due to decode-uri-component (CVE-2022-38900 )

Summary decode-uri-component is used by IBM Cloud Pak for Data. CVE-2022-38900. Vulnerability Details CVEID:CVE-2022-38900 DESCRIPTION: decode-uri-component is vulnerable to a denial of service, caused by improper input validation by the decodeComponents function. By sending a specially-crafted...

CVSS 7.5 | AI score 6.7 | EPSS 0.00429
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 2:33 p.m. (20 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass SAML authentication due to passport-saml ( CVE-2022-39299 )

Summary Passport-saml is used by IBM Cloud Pak for Data for SAML authentication. CVE-2022-39299. Vulnerability Details CVEID:CVE-2022-39299 DESCRIPTION: Node.js passport-saml module could allow a remote attacker to bypass security restrictions, caused by improper verification of cryptographic...

CVSS 8.1 | AI score 8.4 | EPSS 0.04646
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 2:30 p.m. (15 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to github.com/docker/distribution ( CVE-2023-2253 )

Summary Go module github.com/docker/distribution is used by IBM Cloud Pak for Data. CVE-2023-2253. Vulnerability Details CVEID:CVE-2023-2253 DESCRIPTION: Distribution is vulnerable to a denial of service, caused by improper input validation by the /v2/catalog endpoint. By sending a specially...

CVSS 6.5 | AI score 6.4 | EPSS 0.00147
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 2:25 p.m. (23 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to SSRF due to ip for Node.js (CVE-2023-42282)

Summary Package ip for Node.js is used by IBM Cloud Pak for Data. CVE-2023-42282 Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a server-side request forgery flaw in the ip.isPublic...

CVSS 9.8 | AI score 9.3 | EPSS 0.00652
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 2:21 p.m. (16 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable due to lua-resty (CVE-2024-33531)

Summary Lua is used by IBM Cloud Pak for Data as part of the web interface. CVE-2024-33531 Vulnerability Details CVEID:CVE-2024-33531 DESCRIPTION: lua-resty-jwt could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially...

CVSS 8.1 | AI score 6.7 | EPSS 0.00103
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 2:17 p.m. (36 views)

Security Bulletin: IBM Cloud Pak for Data is vulnerable to several issues due to the go compiler

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2023-27561, CVE-2023-28642, CVE-2023-25809, CVE-2022-32149, CVE-2022-41723, CVE-2022-41721, CVE-2022-27664, CVE-2022-29162, CVE-2021-43784, CVE-2023-2517 Vulnerability Details CVEID:CVE-2023-27561 DESCRIPTION...

CVSS 7.8 | AI score 8.8 | EPSS 0.00264
Exploits 5 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 10:34 a.m. (24 views)

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage are vulnerable to loss of confidentiality [CVE-2024-42459] [CVE-2024-42460] [CVE-2024-42461]

Summary Node.js Elliptic module is used by IBM App Connect Enterprise Certified Container for encryption and signature validation in communication between a Dashboard and COS S3 storage. IBM App Connect Enterprise Certified Container Dashboard operands that use COS S3 storage for storing bar file...

CVSS 9.1 | AI score 5.3 | EPSS 0.02898
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2024/08/08 9:45 a.m. (28 views)

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go http2 and nghttp2

Summary IBM MQ Operator and Queue manager container images are vulnerable to Golang Go http2 and nghttp2. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by ...

CVSS 7.5 | AI score 7.3 | EPSS 0.69905
Exploits 2 | Affected Software 1
Total number of security vulnerabilities: 35059