Lucene search
K

35705 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 9:59 a.m.45 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.21 LTS, 12.0.4 LTS and 12.4.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...

9.1CVSS8.9AI score0.36081EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 8:35 a.m.30 views

Security Bulletin: IBM Maximo Application Suite uses multiple packages which are vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses golang.org/x/net/http2 - v0.19.0 , v0.20.0, github.com/lestrrat-go/jwx/v2 - v2.0.11, setuptools - 50.3.2, tar - 6.2.0, github.com/docker/docker - v24.0.7, follow-redirects - 1.15.4, express - 4.18.2 , idna - 3.6 ,org.apache.cxfcxf-core - 3.5.5,...

9.3CVSS8.4AI score0.05849EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/07 10:29 p.m.28 views

Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could allow an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. (CVE-2015-5739)

Summary A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could allow an attacker to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. IBM Robotic Process Automation for Cloud Pak uses Go as part of it's operator deployment...

9.8CVSS5.9AI score0.09625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/07 10:28 p.m.25 views

Security Bulletin: A vulnerability in Bouncy Castle affects IBM Robotic Process Automation which could allow an attacker to obtain sensitive information (CVE-2020-15522).

Summary A vulnerability in Bouncy Castle affects IBM Robotic Process Automation which could allow an attacker to obtain sensitive information. IBM Robotic Process Automation uses Bouncy Castle for encrytion. This bulletin identifies the security fixes to apply to address the vulnerability...

5.9CVSS6.2AI score0.01522EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/07 10:27 p.m.25 views

Security Bulletin: Multiple vulnerabilities in microsoft.netcore.app affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM microsoft.netcore.app affect IBM Robotic Process Automation. The vulnerabilities exist in BrotliSharpLib which was determined to not be required by IBM Robotic Process Automation. The offending module was removed from the product. Vulnerability Details...

7.5CVSS7.8AI score0.14833EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/07 8:9 p.m.23 views

Security Bulletin: IBM OpenPages vulnerable to reflected Cross Site Scripting (CVE-2024-37527)

Summary A vulnerability could allow potential reflected cross-site scripting injections in IBM OpenPages through parameters used in reports. Vulnerability Details CVEID:CVE-2024-37527 DESCRIPTION: IBM OpenPages with Watson is vulnerable to cross-site scripting. This vulnerability allows an...

5.4CVSS6AI score0.00218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/07 4:26 p.m.73 views

Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.

Summary IBM has released the following IBM i PTFs in response to CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 and CVE-2018-3639. This security bulletin has been updated, on October 16, 2018, as additional IBM i PTFs are now available to mitigate the Spectre and Meltdown vulnerabilities...

5.6CVSS7.4AI score0.93838EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/07 3:25 p.m.32 views

Security Bulletin: CVE-2023-22045, CVE-2023-22049 affects IBM® SDK, Java™ Technology Edition affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition in version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. An update has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22045...

3.7CVSS6.3AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/07 3:19 p.m.20 views

Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary SQLite SQLite3 is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2023-7104 DESCRIPTION: SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the sessionReadRecord function in...

7.3CVSS7.7AI score0.01249EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/06 6:34 p.m.27 views

Security Bulletin: Vulnerability in Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerability in Linux Kernel. A local authenticated attacker could exploit the vulnerability to cause a denial of service condition as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details...

4.7CVSS6.6AI score0.00186EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/04 11:53 p.m.13 views

Security Bulletin: IBM Watson Query on IBM Cloud does not govern all of the columns of a published object

Summary IBM Watson Query on IBM Cloud integrates with IBM Knowledge Catalog IKC - formerly Watson Knowledge Catalog WKC - to enforce data protection rules on governed objects. When you publish objects from Watson Query to catalogs or projects, only the first 100 columns are registered in the...

6.5CVSS6AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/04 1:13 p.m.47 views

Security Bulletin: IBM i is affected by several vulnerabilities (CVE-2016-2183 and CVE-2016-6329)

Summary IBM i is vulnerable to several security vulnerabilities. IBM i has addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the in the Triple-DES on 64-bit block...

7.5CVSS6.8AI score0.95707EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/04 11:37 a.m.25 views

Security Bulletin: IBM App Connect Enterprise toolkit is vulnerable to a local authenticated attacker due to the OKHttp component. (CVE-2023-0833).

Summary IBM App Connect Enterprise toolkit is vulnerable to a local authenticated attacker due to the OKHttp component. CVE-2023-0833. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-0833 DESCRIPTION: Red Hat AMQ-Streams could allow ...

5.5CVSS5.7AI score0.00436EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/04 11:2 a.m.24 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact, low...

3.7CVSS6.2AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/04 9:46 a.m.34 views

Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...

8.1CVSS8AI score0.01197EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/04 6:44 a.m.29 views

Security Bulletin: IBM Operational Decision Manager for Sep 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-38808...

5.3CVSS8.2AI score0.00852EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 5:51 p.m.24 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo [CVE-2023-28486]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo, caused by improper escaping terminal control characters during logging operations CVE-2023-28486. Sudo Project Sudo is included as a Base OS package used...

5.3CVSS6.1AI score0.00915EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 5:50 p.m.19 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo [CVE-2023-28487]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Sudo Project Sudo, caused by improper escaping terminal control characters by the "sudoreplay -l" command CVE-2023-28487. Sudo Project Sudo is included as a Base OS package...

5.3CVSS6.2AI score0.00953EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 5:48 p.m.25 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Sudo Project Sudo [CVE-2023-42465]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Sudo Project Sudo, caused by a fault injection flaw in the stack/register variables CVE-2023-42465. Sudo Project Sudo is included as a Base OS package used by our service...

7CVSS6.7AI score0.00541EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 5:47 p.m.44 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary command execution in OpenSSH [CVE-2023-51385]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary command execution in OpenSSH, caused by improper validation of shell metacharacters CVE-2023-51385. OpenSSH is included as a Base OS package used by our service runtimes. This vulnerabilitiy has...

6.5CVSS7.8AI score0.19753EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 5:46 p.m.23 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow in Perl [CVE-2023-47038]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the user-defined Unicode property CVE-2023-47038. Perl is included as a Base OS package used by our service runtimes. This vulnerabilitiy ha...

7.8CVSS7.6AI score0.00832EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 12:54 p.m.46 views

Security Bulletin: IBM Sterling Control Center v6.2.x and v6.3.x are vulnerable due to IBM SDK Java Technology Edition vulnerability

Summary IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 - Includes Oracle October 2023 CPU plus CVE-2023-5676, CVE-2023-22081, CVE-2023-22067 affecting Sterling Control Center v6.2.x and v6.3.x. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java...

5.9CVSS6.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 12:53 p.m.33 views

Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue

Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2022-41678. Vulnerability Details CVEID:CVE-2022-41678 DESCRIPTION: Apache ActiveMQ could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...

8.8CVSS8.8AI score0.8581EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 12:51 p.m.26 views

Security Bulletin: IBM Sterling Control Center v6.2.1 and v6.3.1 is vulnerable and reported in [All] Spring Framework.

Summary Security Bulletin: Sterling Control Center v6.2.1 and v6.3.1 is vulnerable in All Spring Framework for CVE-2024-22233 Publicly disclosed vulnerability. Vulnerability Details CVEID:CVE-2024-22233 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by a...

7.5CVSS7.5AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 12:50 p.m.21 views

Security Bulletin: IBM Sterling Control Center v6.2.x and v6.3.x are vulnerable due to IBM Semeru Runtime vulnerabiliy

Summary IBM Semeru Runtime Quarterly CPU - Jul 2023 - Includes OpenJDK July 2023 CPU and CVE-2023-22049, CVE-2023-22036, CVE-2023-22006 affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to t...

3.7CVSS4.5AI score0.01316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 12:44 p.m.27 views

Security Bulletin: IBM Sterling Control Center v6.2.1 and v6.3.1 is vulnerable with IBM Semeru Runtime Quarterly CPU - Oct 2023

Summary IBM Semeru Runtime Quarterly CPU - Apr 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807 and CVE-2023-5676 and affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...

7.8CVSS6.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 12:39 p.m.6 views

Security Bulletin: Sterling Control Center v6.2.1 is vulnerable and reported in Apache ActiveMQ

Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, with vulnerability 264654 . Vulnerability Details IBM X-Force ID: 264654 DESCRIPTION: Apache ActiveMQ NMS could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Body...

8.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 12:33 p.m.46 views

Security Bulletin: Sterling Control Center v6.2.1 is vulnerable due to Apache ActiveMQ issue

Summary Sterling Control Center v6.2.1 is dependent on Apache ActiveMQ, which is vulnerable to CVE-2023-46604. Vulnerability Details CVEID:CVE-2023-46604 DESCRIPTION: Apache ActiveMQ and ActiveMQ Legacy OpenWire Module could allow a remote attacker to execute arbitrary code on the system, caused ...

10CVSS9.7AI score0.99654EPSS
Exploits31Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/03 11:11 a.m.55 views

Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications

Summary Multiple Vulnerabilities were disclosed as part of the Oracle July 2024 Critical Patch Update. Vulnerability Details CVEID: CVE-2024-21011 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low availability impact. CVSS...

3.7CVSS4.7AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:46 p.m.20 views

Security Bulletin: IBM Master Data Management vulnerable to denial of service from IBM Business Automation Workflow using Apache Johnzon

Summary IBM Master Data Management version 14.0 is impacted by vulnerability in IBM Business Automation Workflow. Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a remote attacker could exploit...

5.3CVSS5.7AI score0.01454EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:41 p.m.28 views

Security Bulletin: IBM Master Data Management is vulnerable to denial of service from Apache Commons Compress used in IBM Business Workflow Automation

Summary IBM Master Data Management v14.0 is vulnerable to denial of service from Apache commons compress used in IBM Business Workflow Automation. Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP...

8.1CVSS6.8AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 4:30 p.m.14 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.6 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.6 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-42809 DESCRIPTION: Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization fla...

9.6CVSS7.7AI score0.01036EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 3:37 p.m.18 views

Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability

Summary The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2024-6119. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking serv...

7.5CVSS7.5AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:37 a.m.52 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to denial of service vulnerability in Multiple vendors [ CVE-2023-44487]

Summary Potential denial of service vulnerability in Multiple vendors CVE-2023-44487 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-444...

7.5CVSS7.5AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:15 a.m.42 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple Vim vulnerabilities

Summary Multiple potential vulnerabilities in Vim has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-0128 DESCRIPTION: Vim could allow a local attacker to obtain...

8.4CVSS10AI score0.01739EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:12 a.m.35 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple Vim vulnerabilities

Summary Multiple potential vulnerabilities in Vim has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-0407 DESCRIPTION: Vim is vulnerable to a heap-based buffer...

9.8CVSS9.5AI score0.02086EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:7 a.m.39 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities

Summary Multiple potential vulnerabilities in Vim has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-2849 DESCRIPTION: Vim is vulnerable to a heap-based buffer...

7.8CVSS9.4AI score0.01196EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:7 a.m.43 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities

Summary Multiple potential vulnerabilities has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-35255 DESCRIPTION: Node.js could provide weaker than expected...

9.1CVSS9.4AI score0.03906EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:5 a.m.18 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go denial of service vulnerabilitiy.( CVE-2023-45290)

Summary Potential Golang Go denial of service vulnerabilitiy. CVE-2023-45290 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45290 DESCRIPTION: Golang Go is...

6.5CVSS8.6AI score0.01165EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 9:52 a.m.16 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang Go sensitive information disclosure vulnerabilitiy( CVE-2023-45289)

Summary Potential Golang Go sensitive information disclosure vulnerabilitiyCVE-2023-45289 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-45289 DESCRIPTION:...

4.3CVSS7.8AI score0.0108EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 10:48 p.m.46 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in IBM MQ

Summary IBM Virtualization Engine TS7700 is susceptible to three denial-of-service conditions CVE-2024-25016, CVE-2024-31919, CVE-2024-35116, a privilege escalation CVE-2024-31912 and a buffer overflow CVE-2024-25048 due to the use of IBM MQ. TS7700 uses IBM MQ for inter-process communication...

8.8CVSS8.9AI score0.009EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 7:35 p.m.64 views

Security Bulletin: Cloud Pak System is vulnerable to HTTP request splitting attack.

Summary Cloud Pak System is vulnerable to HTTP request splitting attack CVE-2023-25690. Vulnerability Details CVEID:CVE-2023-25690 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request splitting attacks, caused by an error when modproxy is enabled along with some form of RewriteRule or...

9.8CVSS9.2AI score0.8377EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 6:52 p.m.43 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to stored cross-site scripting (CVE-2024-45073)

Summary IBM WebSphere Application Server is vulnerable to stored cross-site scripting in the administrative console. Vulnerability Details CVEID:CVE-2024-45073 DESCRIPTION: IBM WebSphere Application Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user t...

4.8CVSS4.9AI score0.00233EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 6:45 p.m.119 views

Security Bulletin: IBM HTTP Server (powered by Apache) for IBM i is vulnerable to a remote attacker causing a denial of service, executing arbitrary code, and mapping URLs to filesystem locations due to multiple vulnerabilities.

Summary IBM HTTP Server powered by Apache for IBM i is vulnerable to a remote attacker causing a denial of service due to NULL pointer dereference CVE-2024-38477, executing arbitrary code due to an encoding issue in modrewrite CVE-2024-38474, and improper escaping in modrewrite resulting in acces...

9.8CVSS10AI score0.99957EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 5:55 p.m.38 views

Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Cloud Pak System

Summary There are multiple Unspecified and Denial of Service Java SE Vulnerabilities that affect IBM Java SDK shipped with IBM Cloud Pak Sytem. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attack...

5.9CVSS5.9AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 5:51 p.m.51 views

Security Bulletin: Vulnerabilities in Golang Go affect IBM Cloud Pak System

Summary Vulnerabilities in Golang Go affect IBM Cloud Pak System. CVE-2023-45284, CVE-2023-45283 Vulnerability Details CVEID:CVE-2023-45284 DESCRIPTION: Golang Go could provide weaker than expected security, caused by the failure to correctly detect reserved device names in some cases by the...

7.5CVSS6.4AI score0.02758EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 5:16 p.m.27 views

Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System

Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed in IBM Cloud Pak System v2.3.4.0. Vulnerability Details CVEID:CVE-2023-38013 DESCRIPTION: IBM Cloud Pak System could disclose sensitive information in HTTP responses that could aid in further attacks...

5.3CVSS6AI score0.00314EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 4:15 p.m.43 views

Security Bulletin: Multiple Vulnerabilities in components for Cloud Pak System

Summary Vulnerabilities found in components packaged with Cloud Pak System, Beego, Node.js follow-redirects module, Prototypejs, jQuery, Golang go and go/crypto module. These vulnerabilities have been addressed in Cloud Pak System V2.3.4.0 and IBM V2.3.5.0. Vulnerability Details...

9.8CVSS7.8AI score0.99019EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 3:35 p.m.11 views

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVEs. For a complet...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/01 11:26 a.m.13 views

Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.

Summary A vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2rBuffer overflow in GC when using the -Xgc:concurrentScavenge option on IBM Z. Vulnerability Details Refer to the security bulletins listed in...

7.1AI score
Exploits0Affected Software1
Total number of security vulnerabilities35705