
35059 matches found

IBM Security Bulletins
•added 2024/08/01 1:2 p.m.•24 views

Security Bulletin: Vulnerability in dojo-dojo-release-1.12.1 affects Cloud Pak System [CVE-2018-6561]

Summary Vulnerability in dojo-dojo-release-1.12.1 affects Cloud Pak System. Vulnerability Details CVEID:CVE-2018-6561 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by improper validation of user-supplied input. A remote attacker could exploit this...

CVSS 6.1 | AI score 6 | EPSS 0.00199
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 12:54 p.m.•33 views

Security Bulletin: Vulnerability in Node.js terser affect Cloud Pak System[CVE-2022-25858]

Summary Vulnerability found in Node.js terser module affect Cloud Pak System. IBM Cloud Pak System has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-25858 DESCRIPTION: Node.js terser module is vulnerable to a denial of service, caused by a regular expression denial of service...

CVSS 7.5 | AI score 6.6 | EPSS 0.03719
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 12:45 p.m.•38 views

Security Bulletin: Vulnerability in nodejs decode-uri-component affect Cloud Pak System[CVE-2022-38900]

Summary Vulnerability in nodejs decode-uri-component affect Cloud Pak System CVE-2022-38900. Cloud Pak System has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-38900 DESCRIPTION: decode-uri-component is vulnerable to a denial of service, caused by improper input validation by...

CVSS 7.5 | AI score 6.7 | EPSS 0.00429
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 10:46 a.m.•39 views

Security Bulletin: Multiple Vulnerabilities in IBM® SDK, Java™ Technology Java affect IBM Cloud Pak System

Summary Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high...

CVSS 9.1 | AI score 8.2 | EPSS 0.01156
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 10:31 a.m.•54 views

Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool (CVE-2024-35176).

Summary There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-35176 DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By parsing a specially crafted XML content contains...

CVSS 5.3 | AI score 5.5 | EPSS 0.08428
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 10:17 a.m.•25 views

Security Bulletin: Vulnerability in Java affect Cloud Pak System [CVE-2022-21426]

Summary Vulnerability in Java affect Cloud Pak System CVE-2022-21426. Cloud Pak System has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause ...

CVSS 5.3 | AI score 5.9 | EPSS 0.00062
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 10:16 a.m.•31 views

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945 Vulnerability Details CVEID:CVE-2024-2095...

CVSS 7.4 | AI score 6.7 | EPSS 0.00319
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 10:15 a.m.•31 views

Security Bulletin: vulnerability in OpenSSL affects IBM Workload Automation.

Summary IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that can cause denial of service CVE-2023-6129 Vulnerability Details CVEID:CVE-2023-6129 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the POLY1305 MAC message authentication cod...

CVSS 6.5 | AI score 6.9 | EPSS 0.03331
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 10:13 a.m.•16 views

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues CVE-2023-22081, CVE-2023-22067, CVE-2023-5676 Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Ja...

CVSS 5.9 | AI score 6.4 | EPSS 0.00172
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 9:4 a.m.•55 views

Security Bulletin: Vulnerability in nodejs moment.js affect Cloud Pak System [CVE-2022-24785]

Summary Vulnerability in nodejs moment.js affect Cloud Pak System. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker could send a specially-crafte...

CVSS 7.5 | AI score 7.4 | EPSS 0.01673
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 8:53 a.m.•44 views

Security Bulletin: Vulnerability in Node.js moment affect IBM Cloud Pak System

Summary Vulnerability in Node.js moment affect IBM Cloud Pak System CVE-2022-31129. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a specially-crafted request, a remote attacker...

CVSS 7.5 | AI score 7.5 | EPSS 0.03173
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 8:18 a.m.•24 views

Security Bulletin: IBM Analytics Engine in Cloud pak for Data affected by vulnerability in GNOME's GdkPixbuf library (CVE-2022-48622)

Summary IBM Analytics Engine in Cloud pak for Data contains a vulnerable version of GNOME's GdkPixbuf library. Vulnerability Details CVEID:CVE-2022-48622 DESCRIPTION: GNOME GdkPixbuf could allow a remote attacker to execute arbitrary code on the system, caused by a heap memory corruption in the...

CVSS 7.8 | AI score 8.2 | EPSS 0.00071
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/08/01 5:20 a.m.•19 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-50313)

Summary IBM WebSphere Application Server could provide weaker than expected security for outbound TLS connections. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this risk, it has been addressed in this bulletin: IBM Engineering Test Management Vulnerability Details Ref...

CVSS 6.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 11:6 p.m.•33 views

Security Bulletin: Multiple Vulnerabilities in Db2 affect IBM Cloud Pak System.

Summary Multiple Vulnerabilities in Db2 affect Cloud Pak System. Vulnerability Details CVEID:CVE-2023-30447 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM...

CVSS 8.8 | AI score 7.7 | EPSS 0.00194
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 10:54 p.m.•23 views

Security Bulletin: Apache Santuario Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System [CVE-2023-44483]

Summary Vulnerability found in Apache Santuario WebSphere Application Server Liberty affect Cloud Pak System WebSphere Application Server WAS Liberty patternType pType. Vulnerability Details CVEID:CVE-2023-44483 DESCRIPTION: Apache Santuario could allow a remote authenticated attacker to obtain...

CVSS 6.5 | AI score 6.6 | EPSS 0.00173
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 10:40 p.m.•43 views

Security Bulletin: Vulnerabilities in Samba and glibc affect Cloud Pak System

Summary Vulnerabilities in Samba and glibc affect OS Image for Red Hat Enterprise Linux Systems shipped with Cloud Pak System. Vulnerability Details CVEID:CVE-2023-4806 DESCRIPTION: GNU glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the getaddrinfo function. By...

CVSS 7.8 | AI score 8.1 | EPSS 0.6505
Exploits: 26 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 10:23 p.m.•29 views

Security Bulletin: Vulnerability in tough-cookie affect Cloud Pak System

Summary Vulnerability found in tough-cookie affect Cloud Pak System CVE-2023-26136 Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Salesforce tough-cookie could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw due to improper handling of...

CVSS 9.8 | AI score 8.3 | EPSS 0.06248
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 10:10 p.m.•37 views

Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect Cloud Pak System (CVE-2023-21830, 2023-21843)

Summary Vulnerabilities in IBM Java SDK affect Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote attacker to cause a denia...

CVSS 5.3 | AI score 5.1 | EPSS 0.00127
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 9:51 p.m.•25 views

Security Bulletin: Multiple Vulnerabilities in Apache Axis affect Cloud Pak System

Summary Vulnerabilities in Apache Axis affect Cloud Pak System CVE-2012-5784, CVE-2014-3596 Vulnerability Details CVEID:CVE-2012-5784 DESCRIPTION: Apache Axis 1.4, as used in multiple products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the...

CVSS 5.8 | AI score 8 | EPSS 0.01566
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 9:45 p.m.•32 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server affect IBM Cloud Pak System [CVE-2022-39161]

Summary Vulnerability in IBM WebSphere Application Server and IBM WebSphere Application Server Liberty affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2022-39161 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when...

CVSS 5.3 | AI score 5 | EPSS 0.00057
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 9:18 p.m.•32 views

Security Bulletin: Vulnerability in beego affects Cloud Pak System [CVE-2022-31836]

Summary Vulnerability in beego affects Cloud Pak System. IBM Cloud Pak System addressed vulnerability. Vulnerability Details CVEID:CVE-2022-31836 DESCRIPTION: Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in the leafInfo.match function. An attacker...

CVSS 9.8 | AI score 9.3 | EPSS 0.00452
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 9:14 p.m.•38 views

Security Bulletin: Vulnerability in Apache Commons affect Cloud Pak System [CVE-2023-24998]

Summary Vulnerability in Apache Commons affect Cloud Pak System and WebSphere Application Server Pattern Type pType shipped with Cloud Pak System. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limi...

CVSS 7.5 | AI score 7.6 | EPSS 0.37165
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 8:55 p.m.•47 views

Security Bulletin: Multiple vulnerabilities in Node.js axios affect IBM Cloud Pak System[CVE-2021-3749, CVE-2020-28168]

Summary Multiple vulnerabilities in Node.js axios affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in...

CVSS 7.5 | AI score 6.9 | EPSS 0.08894
Exploits: 3 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 6:44 p.m.•16 views

Security Bulletin: A vulnerability in Azure Identity Library for .NET affects IBM Robotic Process Automation and may result in a locally authenticated attacker obtaining sensitive information (CVE-2024-29992)

Summary A vulnerability in Azure Identity Library for .NET affects IBM Robotic Process Automation and may result in a locally authenticated attacker obtaining sensitive information. Azure Identity Library for .NET is used by IBM Robotic Process Automation as part of identity management. This...

CVSS 5.5 | AI score 5.2 | EPSS 0.00821
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 6:40 p.m.•7 views

Security Bulletin: A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access (CVE-2024-32655)

Summary A vulnerability in Npgsql affects IBM Robotic Process Automation and may result in incorrect back end database access. Npgsql is used by IBM Robotic Process Automation for database access. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...

CVSS 8.1 | AI score 8.3 | EPSS 0.02069
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 2:16 p.m.•28 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Improper Restriction of Operations within Memory Buffer in the RHEL UBI (CVE-2023-1255, CVE-2023-2650)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-1255, CVE-2023-2650. Vulnerability Details CVEID:CVE-2023-1255 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...

CVSS 6.5 | AI score 6.7 | EPSS 0.91012
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 2:14 p.m.•22 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Exposure of Sensitive Information to an Unauthorized Actor in Grafana (CVE-2022-23498)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2022-23498 Vulnerability Details CVEID:CVE-2022-23498 DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive...

CVSS 8.8 | AI score 7.3 | EPSS 0.00131
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 2:13 p.m.•21 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Inefficient Regular Expression Complexity in the RHEL UBI (CVE-2022-3517)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2022-3517. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a...

CVSS 7.5 | AI score 8.3 | EPSS 0.00476
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 1:39 p.m.•19 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-31580] [CVE-2024-31583]

Summary PyTorch is used by the mapping assistance code in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address...

CVSS 7.8 | AI score 7.8 | EPSS 0.00049
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 1:14 p.m.•24 views

Security Bulletin: IBM Maximo Application Suite - AI Broker Component includes urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to this CVE-2024-37891

Summary IBM Maximo Application Suite - AI Broker Component includes urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to this CVE-2024-37891. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could...

CVSS 6.5 | AI score 5 | EPSS 0.00216
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 1:13 p.m.•22 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component uses async-3.2.5.tgz which is vulnerable to this CVE-2024-39249

Summary IBM Maximo Application Suite - AI Broker component includes async-3.2.5.tgz which is vulnerable to this CVE-2024-39249. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of...

CVSS 7.5 | AI score 7.4 | EPSS 0.00161
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 12:22 p.m.•26 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary CVE-2024-20918, CVE-2024-20921 and CVE-2023-33850 were disclosed in the Oracle 2024 Critical Patch Update. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentialit...

CVSS 7.5 | AI score 6.7 | EPSS 0.00235
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 11:1 a.m.•49 views

Security Bulletin: Netcool Operations Insights 1.6.13 addresses multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.13 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-31684 DESCRIPTION: netplex JSON Smart is vulnerable to a denial of...

CVSS 9.8 | AI score 10 | EPSS 0.43407
Exploits: 5 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 9:22 a.m.•54 views

Security Bulletin: Common vulnerabilities fixed in EDB Postgres Advanced Server (EPAS)

Summary Common vulnerabilities fixed in EDB Postgres Advanced Server EPAS Vulnerability Details CVEID:CVE-2023-41113 DESCRIPTION: EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the accesshistory function. By...

CVSS 9.8 | AI score 7.2 | EPSS 0.0014
Exploits: 0 | Affected Software: 3
IBM Security Bulletins
•added 2024/07/31 9:7 a.m.•71 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF001

Summary The following security vulnerabilities are addressed with IBM Process Mining 1.15.0 IF001 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization...

CVSS 8.8 | AI score 9 | EPSS 0.25805
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 8:59 a.m.•31 views

Security Bulletin: vulnerability in OpenSSL affects IBM Workload Automation.

Summary IBM Workload Automation has updated OpenSSL to address vulnerability CVE-2023-5678 Vulnerability Details CVEID:CVE-2023-5678 DESCRIPTION: Openssl is vulnerable to a denial of service, caused by a flaw when using DHgeneratekey function to generate an X9.42 DH key. By sending a specially...

CVSS 5.3 | AI score 6.3 | EPSS 0.00436
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/31 7:43 a.m.•25 views

Security Bulletin: IBM Maximo Application Suite Predict Component includes joblib-1.4.0-py3-none-any.whl which is vulnerable to this CVE-2024-34997

Summary IBM Maximo Application Suite Predict Component includes joblib-1.4.0-py3-none-any.whl which is vulnerable to this CVE-2024-34997. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-34997 DESCRIPTION: joblib could allow a...

CVSS 7.5 | AI score 7.6 | EPSS 0.00378
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 11:37 p.m.•38 views

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in JSON-java (CVE-2023-5072)

Summary A denial of service vulnerability in JSON-java used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote...

CVSS 7.5 | AI score 7.2 | EPSS 0.00677
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 10:2 p.m.•107 views

Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2024-4741) and denial of service (CVE-2024-5535, CVE-2024-4603) due to OpenSSL

Summary Vulnerabilities in OpenSSL could allow a remote attacker to execute arbitrary code CVE-2024-4741 or cause a denial of service CVE-2024-5535, CVE-2024-4603. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL...

CVSS 9.1 | AI score 8.5 | EPSS 0.06702
Exploits: 1 | Affected Software: 2
IBM Security Bulletins
•added 2024/07/30 6:43 p.m.•41 views

Security Bulletin: Denial of service and remote code execution might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availability issues. The vulnerabilities have been addressed. CVE-2024-6387, CVE-2024-39329, CVE-2024-38875, CVE-2024-39614, CVE-2024-39330, CVE-2024-21520, CVE-2024-39689,...

CVSS 8.1 | AI score 9.1 | EPSS 0.65792
Exploits: 70 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 5:24 p.m.•23 views

Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty.

Summary Due to the use of Eclipse Jetty, Rational Service Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw...

CVSS 7.5 | AI score 7.6 | EPSS 0.00559
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 5:23 p.m.•28 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty.

Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a...

CVSS 7.5 | AI score 7.6 | EPSS 0.00559
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 4:54 p.m.•29 views

Security Bulletin: IBM License Key Server Administration Agent is vulnerable to a remote code attack in Apache Commons (CVE-2024-29131, CVE-2024-29133)

Summary IBM LKS Administration Agent is vulnerable to a remote code execution in Apache Commons Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerabilit...

CVSS 7.3 | AI score 7.8 | EPSS 0.00997
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 4:48 p.m.•42 views

Security Bulletin: IBM Common Licensing's Administration And Reporting Tool (ART) and IBM LKS Administration Agent are affected by Spring Framework vulnerabilities.

Summary Multiple vulnerabilities in Spring Framework affect IBM Common Licensing. Security Vulnerabilities have been addressed in IBM Common Licensing. Remediations/Fixes section address remediation actions. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is...

CVSS 9.8 | AI score 7.4 | EPSS 0.05781
Exploits: 4 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 4:37 p.m.•40 views

Security Bulletin: IBM License Key Server Administration & Reporting Tool and Agent are vulnerable to a vulnerability in Apache Commons Compress Library

Summary A Denial of Service vulnerability has been found in Apache Commons Compress. It affects IBM License Key Server Administration & Reporting Tool and its Agent. A mitigation has been released. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a...

CVSS 8.1 | AI score 6.5 | EPSS 0.00392
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 2:54 p.m.•24 views

Security Bulletin: Timing Oracle in GSKit.

Summary A timing based side channel exists in the RSA Decryption implementation used by GSKit builds prior to 8.0.55.31. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RS...

CVSS 7.5 | AI score 7.3 | EPSS 0.00058
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 6:12 a.m.•17 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by PostgreSQL vulnerability.

Summary IBM Connect:Direct Web Services uses PostgreSQL Solaris 15.6 and Windows 16.2.1 and is vulnerable to CVE-2024-4317. Vulnerability Details CVEID:CVE-2024-4317 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by missing authorizatio...

CVSS 4.3 | AI score 6 | EPSS 0.00263
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 1:42 a.m.•43 views

Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is affected by vulnerability in Apache Kafka (CVE-2024-27309)

Summary Apache Kafka is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2024-27309 The below vulnerability have been addressed. Vulnerability Details CVEID:CVE-2024-27309 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper access...

CVSS 7.4 | AI score 7.5 | EPSS 0.00386
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/30 1:34 a.m.•18 views

Security Bulletin: Due to use of Apache Pulsar, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to a security restrictions bypass.

Summary Pulsar is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2024-28098, CVE-2024-29834 The below vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-28098 DESCRIPTION: Apache Pulsar could allow a remote authenticated attacker to bypa...

CVSS 6.4 | AI score 6.5 | EPSS 0.00232
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
•added 2024/07/29 9:56 p.m.•21 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-33883 DESCRIPTION: Node.js ejs module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding or modifying properties of...

CVSS 4 | AI score 4.4 | EPSS 0.01499
Exploits: 1 | Affected Software: 1
Total number of security vulnerabilities: 35059