
35059 matches found

IBM Security Bulletins
•added 2024/07/29 9:55 p.m.•14 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-29896 DESCRIPTION: Node.js npm Astro-Shield module is vulnerable to script injection, caused by an error when automated CSP headers generation for SSR content is...

CVSS 7.5 • AI score 7.4 • EPSS 0.00949
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 9:53 p.m.•10 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM WebSphere Application Server Liberty

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafte...

CVSS 6.5 • AI score 6.6 • EPSS 0.00383
Exploits: 1 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 9:52 p.m.•22 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in tar-6.1.11.tgz

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of tar-6.1.11.tgz Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: isaacs node-tar is vulnerable to a denial of service, caused by the lack of folders count validation. By sending a specially crafted...

CVSS 6.5 • AI score 6.5 • EPSS 0.00663
Exploits: 1 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 9:51 p.m.•24 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js micromatch

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js micromatch Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in...

CVSS 5.3 • AI score 6.1 • EPSS 0.00171
Exploits: 1 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 9:50 p.m.•29 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js braces

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js braces Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a denial of service, caused by the failure to limit the number of characters it can handle. leading...

CVSS 7.5 • AI score 7.3 • EPSS 0.00305
Exploits: 1 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 9:44 p.m.•27 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js - follow-redirects-1.15.4

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js - follow-redirects-1.15.4 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by...

CVSS 6.5 • AI score 6.6 • EPSS 0.01077
Exploits: 1 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 9:28 p.m.•29 views

Security Bulletin: IBM DataPower Gateway Virtual Edition vulnerable to security bypass due to open-vm-tools (CVE-2023-20867)

Summary open-vm-tools provides an interface between IBM DataPower Gateway Virtual Edition and the hypervisor. This issue may permit a compromised hypervisor to perform unauthorized guest operations. Vulnerability Details CVEID:CVE-2023-20867 DESCRIPTION: VMware Tools could allow a local...

CVSS 3.9 • AI score 4.6 • EPSS 0.01444
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 7:16 p.m.•33 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to buffer overflow due to perl (CVE-2020-12723, CVE-2020-10543, CVE-2020-10878)

Summary Perl is used by IBM Cloud Pak for Data to build various binaries. CVE-2020-12723, CVE-2020-10543, CVE-2020-10878 Vulnerability Details CVEID:CVE-2020-12723 DESCRIPTION: Perl is vulnerable to a denial of service, caused by a buffer overflow in regcomp.c. By using a specially crafted regula...

CVSS 8.6 • AI score 8.8 • EPSS 0.04289
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 7:12 p.m.•32 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to cURL libcurl (CVE-2022-32208, CVE-2022-32206)

Summary cURL libcurl is used by IBM Cloud Pak for Data as part of the platform. CVE-2022-32208, CVE-2022-32206. Vulnerability Details CVEID:CVE-2022-32208 DESCRIPTION: cURL libcurl is vulnerable to a man-in-the-middle attack, caused by a flaw in the handling of message verification failures. An...

CVSS 6.5 • AI score 7.3 • EPSS 0.03367
Exploits: 2 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 7:06 p.m.•21 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to golang compiler (CVE-2022-32190)

Summary Golang compiler is used by IBM Cloud Pak for Data to build various binaries. CVE-2022-32190 Vulnerability Details CVEID:CVE-2022-32190 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories on the system, caused by not removing ../ path elements appended to a relative...

CVSS 7.5 • AI score 7.2 • EPSS 0.00085
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 5:00 p.m.•62 views

Security Bulletin: Multiple Vulnerabilities affect Db2 shipped with Cloud Pak System

Summary Vulnerabilities affect Db2 shipped with Platform System Manager PSM and Db2 pattern type PType in IBM Cloud Pak System and IBM Cloud Pak System Software. IBM Cloud Pak System has addressed vulnerabilities. Vulnerability Details CVEID:CVE-2023-29257 DESCRIPTION: IBM Db2 for Linux, UNIX and...

CVSS 7.5 • AI score 7.3 • EPSS 0.00221
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 2:36 p.m.•100 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725)

Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error...

CVSS 9.1 • AI score 7.1 • EPSS 0.25097
Exploits: 5 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 2:30 p.m.•178 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server

Summary There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by improper...

CVSS 9.8 • AI score 10 • EPSS 0.93858
Exploits: 3 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 2:29 p.m.•20 views

Security Bulletin: IBM Security Guardium is affected by denial of service vulnerabilities (CVE-2023-46728, CVE-2023-49285, CVE-2023-49286)

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2023-46728 DESCRIPTION: Squid-Cache Squid is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the Gopher gateway. By sending a specially crafted request, ...

CVSS 8.6 • AI score 8.2 • EPSS 0.09621
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 2:28 p.m.•28 views

Security Bulletin: IBM Security Guardium is affected by a Kernel vulnerability (CVE-2024-1086, CVE-2024-26602)

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-1086 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by use-after-free flaw in the nft_verdict_init function in...

CVSS 7.8 • AI score 7.4 • EPSS 0.84554
Exploits: 15 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 12:58 p.m.•24 views

Security Bulletin: IBM Maximo Application Suite: jose-4.15.4.tgz is vulnerable to CVE-2024-28176 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses jose-4.15.4.tgz which is vulnerable to CVE-2024-28176 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...

CVSS 5.9 • AI score 5.3 • EPSS 0.00572
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 4:30 a.m.•24 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to...

CVSS 7.3 • AI score 5.3 • EPSS 0.00146
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/29 4:26 a.m.•24 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow a remote...

CVSS 3.7 • AI score 4 • EPSS 0.00143
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/26 4:09 p.m.•21 views

Security Bulletin: FileNet Content Manager (FNCM) Content Platform Engine (CPE) user may gain authorization privileges of another user in specific cases

Summary FileNet Content Manager FNCM Content Platform Engine CPE user may gain authorization privileges of another user in specific cases Vulnerability Details CVEID:CVE-2023-47716 DESCRIPTION: IBM CP4BA - Filenet Content Manager Component could allow a user to gain the privileges of another user...

CVSS 8.8 • AI score 6.3 • EPSS 0.00024
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/26 2:46 p.m.•22 views

Security Bulletin: IBM Match 360 vulnerable to denial of service from exploit in IBM WebSphere Application Server Liberty (CVE-2024-27268)

Summary IBM Match 360 vulnerable to a denial of service because of a vulnerability found in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote...

CVSS 7.5 • AI score 6.5 • EPSS 0.00191
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/26 1:14 p.m.•43 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2024-40898, CVE-2024-40725)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

CVSS 9.1 • AI score 6.5 • EPSS 0.25097
Exploits: 5 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/26 1:13 p.m.•79 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server.

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

CVSS 9.8 • AI score 9.1 • EPSS 0.93858
Exploits: 3 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/26 1:12 p.m.•19 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-35154

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 7.2 • AI score 7.4 • EPSS 0.00285
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/26 10:12 a.m.•28 views

Security Bulletin: Vulnerability in less library (CVE-2022-48624) affects Power HMC.

Summary The less library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-48624 DESCRIPTION: less could allow a local attacker to execute arbitrary commands on the system, caused by a flaw with omitting shell_quote calls f...

CVSS 7.8 • AI score 8.1 • EPSS 0.00578
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/26 8:24 a.m.•55 views

Security Bulletin: Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager (CVE-2024-22259, CVE-2024-22243, CVE-2024-22262).

Summary Vulnerability in Spring Framework affects IBM Tivoli Application Dependency Discovery Manager CVE-2024-22259, CVE-2024-22243, CVE-2024-22262. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote...

CVSS 8.1 • AI score 8.2 • EPSS 0.59593
Exploits: 2 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/25 4:39 p.m.•26 views

Security Bulletin: IBM Security Directory Integrator vulnerable to sensitive information disclosure (CVE-2022-32751)

Summary The IBM Security Directory Integrator product could disclose sensitive server information which affects the IBM Security Directory Server. This was addressed in an update. Vulnerability Details CVEID:CVE-2022-32751 DESCRIPTION: IBM Security Verify Directory 10.0.0 could disclose sensitive...

CVSS 5.3 • AI score 5.3 • EPSS 0.00077
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/25 4:14 p.m.•68 views

Security Bulletin: Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. These fixes resolve the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere...

CVSS 7.5 • AI score 6.9 • EPSS 0.00191
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/25 2:41 p.m.•28 views

Security Bulletin: Vulnerability in Java affects Tivoli System Automation for Multiplatforms shipped with IBM® Db2® LUW. (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)

Summary Security vulnerabilities have been identified in Java that affect Tivoli System Automation for Multiplatforms TSAMP shipped as a component of IBM Db2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions TSAMP include...

CVSS 7.5 • AI score 7 • EPSS 0.00057
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 10:47 p.m.•22 views

Security Bulletin: IBM Aspera Orchestrator improved security for user session handling (CVE-2023-26288, CVE-2023-38001)

Summary IBM Aspera Orchestrator has addressed multiple vulnerabilities related to user session handling. Vulnerability Details CVEID:CVE-2023-38001 DESCRIPTION: IBM Aspera Orchestrator is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized...

CVSS 6.5 • AI score 6.2 • EPSS 0.0006
Exploits: 0 • Affected Software: 5

IBM Security Bulletins
•added 2024/07/24 10:43 p.m.•19 views

Security Bulletin: IBM Aspera Orchestrator improved security for its HTTP code base (CVE-2023-26289)

Summary IBM Aspera Orchestrator has addressed a vulnerability related to handling of HTTP headers. Vulnerability Details CVEID:CVE-2023-26289 DESCRIPTION: IBM Aspera Orchestrator is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow a...

CVSS 5.4 • AI score 5.2 • EPSS 0.00115
Exploits: 0 • Affected Software: 5

IBM Security Bulletins
•added 2024/07/24 10:40 p.m.•27 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Tomcat

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Tomcat Vulnerability Details CVEID:CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper input validation by the HTTP/2 header. By sending specially crafted...

CVSS 7.5 • AI score 6.8 • EPSS 0.6439
Exploits: 1 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 10:36 p.m.•16 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in IBM WebSphere Application Server Liberty

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0....

CVSS 7 • AI score 6.1 • EPSS 0.00088
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 9:56 p.m.•22 views

Security Bulletin: IBM Match 360 is vulnerable to server-side request forgery from IBM WebSphere Application Server Liberty (CVE-2024-22329)

Summary IBM Match 360 is vulnerable to server-side request forgery due to a vulnerability found in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request...

CVSS 4.3 • AI score 5.4 • EPSS 0.00031
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 9:49 p.m.•22 views

Security Bulletin: IBM Match 360 vulnerable to denial of service from IBM WebSphere Application Server Liberty (CVE-2024-22353)

Summary IBM Match 360 is vulnerable to denial of service because of a vulnerability found in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote...

CVSS 7.5 • AI score 6.7 • EPSS 0.00031
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 9:45 p.m.•22 views

Security Bulletin: IBM Match 360 is vulnerable to denial of service from IBM WebSphere Application Server Liberty (CVE-2024-25026)

Summary IBM Match 360 is vulnerable to denial of service through a vulnerability in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a...

CVSS 7.5 • AI score 6.4 • EPSS 0.00021
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 9:42 p.m.•21 views

Security Bulletin: IBM Match 360 is vulnerable to cross-site scripting from IBM WebSphere Application Server Liberty (CVE-2024-27270)

Summary IBM Match 360 is vulnerable to cross-site scripting due to a vulnerability found in IBM WebSphere Application Server Liberty. IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

CVSS 6.1 • AI score 4.8 • EPSS 0.00088
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 7:48 p.m.•16 views

Security Bulletin: IBM Security Directory Integrator vulnerable to sensitive data exposure (CVE-2022-33167)

Summary A Security Vulnerability discovered in the IBM Security Directory Integrator which could disclose sensitive information has affected the IBM Security Directory Server. The issue was addressed in an update. Vulnerability Details CVEID:CVE-2022-33167 DESCRIPTION: IBM Security Directory Serv...

CVSS 7.5 • AI score 4.7 • EPSS 0.00086
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 6:50 p.m.•25 views

Security Bulletin: IBM Storage Ceph is vulnerable to a denial of service in Grafana. (CVE-2024-21319)

Summary Go Jose is used by IBM Storage Ceph in Grafana as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-21319 Vulnerability Details IBM X-Force ID: 273486 DESCRIPTION: go-jose is vulnerable to a denial of service, caused by a fla...

CVSS 6.8 • AI score 6.3 • EPSS 0.00593
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 5:15 p.m.•39 views

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM QRadar Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-37601 DESCRIPTION: webpack...

CVSS 9.8 • AI score 9 • EPSS 0.18844
Exploits: 9 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 4:48 p.m.•34 views

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264)

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.2.2 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.2.1 or...

CVSS 7.5 • AI score 4.8 • EPSS 0.00449
Exploits: 0 • Affected Software: 2

IBM Security Bulletins
•added 2024/07/24 3:52 p.m.•25 views

Security Bulletin: Security Vulnerability fixed in IBM Security Directory Integrator (CVE-2022-32754, CVE-2024-28722)

Summary The IBM Security Directory Integrator product is vulnerable to cross-site scripting which affects the IBM Security Directory Server Vulnerability Details CVEID:CVE-2022-32754 DESCRIPTION: IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows...

CVSS 6.8 • AI score 5.2 • EPSS 0.02013
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 3:50 p.m.•24 views

Security Bulletin: Security Vulnerability fixed in IBM Security Directory Integrator (CVE-2022-32759)

Summary The IBM Security Directory Integrator product uses insufficient session expiration which affects the IBM Security Directory Server. The issue has been addressed in an update. Vulnerability Details CVEID:CVE-2022-32759 DESCRIPTION: IBM Security Directory Server uses insufficient session...

CVSS 7.5 • AI score 5.9 • EPSS 0.00108
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 3:42 p.m.•18 views

Security Bulletin: Security Vulnerability fixed in IBM Security Directory Integrator (CVE-2024-28771, CVE-2024-28770, CVE-2024-28766)

Summary Multiple Security Vulnerabilities were fixed in the IBM Security Directory Integrator product. Vulnerability Details CVEID:CVE-2024-28771 DESCRIPTION: IBM Security Directory Integrator does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to g...

CVSS 7.5 • AI score 5.7 • EPSS 0.00094
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 3:40 p.m.•20 views

Security Bulletin: Security Vulnerability fixed in IBM Security Directory Integrator (CVE-2022-33162)

Summary IBM Security Directory Integrator has addressed an issue where it did not perform authentication. Vulnerability Details CVEID:CVE-2022-33162 DESCRIPTION: IBM Security Directory Server does not perform any authentication for functionality that requires a provable user identity or consumes ...

CVSS 9.8 • AI score 7.7 • EPSS 0.00124
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 1:52 p.m.•29 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. The Bouncy Castle Crypto Package For Java could allow a remote authenticated attacker to obtain sensitive information CVE-2024-30171...

CVSS 9.8 • AI score 8.4 • EPSS 0.00741
Exploits: 1 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 1:34 p.m.•12 views

Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure

Summary IBM QRadar Suite software is vulnerable to information exposure through a detailed technical error message. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest...

CVSS 7.5 • AI score 6.8 • EPSS 0.00088
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 11:02 a.m.•33 views

Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities CVE-2023-45290, CVE-2024-24783, CVE-2024-24785, CVE-2023-45289, CVE-2024-24784 & CVE-2024-24788

Summary Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to denial of service and remote code execution due to Go vulnerabilities CVE-2023-45290, CVE-2024-24783, CVE-2024-24785, CVE-2023-45289, CVE-2024-24784 & CVE-2024-24788. These have been remediated. Vulnerability Details...

CVSS 7.5 • AI score 8.7 • EPSS 0.02017
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/24 5:23 a.m.•16 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the Netty package (CVE-2023-34462).

Summary Netty is used by IBM Event Streams, providing high-performance, asynchronous network communication that ensures scalability, low latency, and secure connections, essential for real-time data processing and reliable event delivery. Vulnerability Details CVEID:CVE-2023-34462 DESCRIPTION:...

CVSS 6.5 • AI score 6.8 • EPSS 0.00736
Exploits: 1 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/23 11:49 p.m.•17 views

Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2024-37533)

Summary An information disclosure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-37533 DESCRIPTION: IBM InfoSphere Information Server could disclose sensitive user information to another user with physical access to the machine. CVSS Base score:...

CVSS 4.6 • AI score 3.5 • EPSS 0.00053
Exploits: 0 • Affected Software: 1

IBM Security Bulletins
•added 2024/07/23 10:39 p.m.•34 views

Security Bulletin: Security Vulnerabilities in the IBM Java SE were fixed in the IBM Security Directory Integrator (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264)

Summary Multiple Security Vulnerabilities in the IBM Java SE package were addressed and shipped with the IBM Security Directory Integrator. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to...

CVSS 7.5 • AI score 4.7 • EPSS 0.00449
Exploits: 0 • Affected Software: 1

Total number of security vulnerabilities: 35059