Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 277 Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted reques...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution
Summary Salesforce tough-cookie is used by IBM App Connect Enterprise Certified Container for handling cookies. IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases
Summary IBM MQ Operator and Queue manager container images are vulnerable to packages included in IBM WebSphere Application Server, Bouncy Castle Crypto Package For Java, k8.io, IBM Java and also memory leak, password handling cases. This bulletin identifies the steps required to address these...
Security Bulletin: Vulnerability with The Bouncy Castle Crypto affect IBM Cloud Object Storage Systems (July 2024v2)
Summary Vulnerability with The Bouncy Castle Crypto CVE-2024-29857, Snappy CVE-2024-36124, CVE-2024-30171, CVE-2024-30172. This vulnerability has been addressed in the latest ClevOS release Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is...
Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerability (CVE-2024-4741)
Summary Vulnerability contained within OpenSSL a 3rd party component was addressed in the IBM MaaS360 VPN Module. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-46813, CVE-2023-51385, CVE-2023-48795)
Summary IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID:CVE-2023-46813 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect access checking in the VC handler and instruction emulation ...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Storage Scale packaged in Elastic Storage Server
Summary There are multiple vulnerabilities in Java™ Technology Edition used by the Elastic Storage Server. Fixes for all these vulnerabilities are available. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945. Vulnerability Details CVEID:CVE-2024-20952...
Security Bulletin: Multiple vulnerabilities in IBM JAVA JDK affect IBM Storage Scale packaged in IBM Storage Scale System
Summary Multiple vulnerabilities in IBM Java JDK, used by IBM Storage Scale System GUI, could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact and no availability impact. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926,...
Security Bulletin: IBM Maximo Application Suite: follow-redirects-1.15.5.tgz is vulnerable to CVE-2024-28849 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses follow-redirects-1.15.5.tgz which is vulnerable to CVE-2024-28849 Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information,...
Security Bulletin: AIX is vulnerable to a denial of service (CVE-2024-2511, CVE-2024-0727) due to OpenSSL
Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service CVE-2024-2511, CVE-2024-0727. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...
Security Bulletin: IBM Sterling B2B Integrator Standard Edition could disclose sensitive information in the HTTP response
Summary In IBM Sterling B2B Integrator's dashboard, many links have CSRF tokens at the end of URLs. An attacker could post something with a link to the B2Bi dashboard somewhere. If a B2Bi user who has the active http session and owns the token clicks the link then the request will be honored sinc...
Security Bulletin: Multiple vulnerabilities in go and opm affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in go and opm affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2017-11468 DESCRIPTION:...
Security Bulletin: Security vulnerabilities may affect Ubuntu packages that are shipped with IBM CICS TX Advanced.
Summary Security vulnerabilities may affect Ubuntu packages that are shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issues. Vulnerability Details CVEID:CVE-2023-4641 DESCRIPTION: shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics Installed IBM WebSphere Application Server is vulnerable to remote code execution
Summary The security issue described in CVE-2024-35154 has been identified in the WebSphere Application Server traditional included as part of IBM Tivoli Composite Application Manager for Application Diagnostics Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed multiple CVEs. Vulnerability Details CVEID:CVE-2023-6129 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Server and Operations Center
Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Server and IBM Storage Protect Operations Center. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850...
Security Bulletin: There is a vulnerability in IBM® SDK, Java™ Technology Edition on z/OS used by IBM Storage Protect Server and Operations Center
Summary IBM Storage Protect Server and Operations Center are affected with vulnerabilities PSIRT-ADV0103951 under certain locales / codepages in IBM® SDK, Java™ Technology Edition on z/OS. Vulnerability Details IBM X-Force ID: PSIRT-ADV0103951 DESCRIPTION: Created from Advisory: ADV0103951 CVSS...
Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-28849)
Summary A vulnerability in axios affects IBM Robotic Process Automation resulting in a bypass of security restrictions. axios is used by IBM Robotic Process Automation as part of the Control Center. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
Security Bulletin: IBM Security Guardium is affected by an Oracle MySQL vulnerability
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2024-20968 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Options component could allow a remote authenticated attacker to cause high availability impact. CVSS Base...
Security Bulletin: IBM Sterling Partner Engagement Manager is impacted by WebSphere Application Server Liberty DoS Vulnerability
Summary IBM Sterling Partner Engagement Manager has addressed a WebSphere Application Server Liberty denial of service vulnerability, denial of service CVE-2023-38737 vulnerability. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: IBM WebSphere Application Server Liberty 22.0.0.13 through...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to IBM Java SDK (Tech Edition) vulnerabilities
Summary IBM Sterling Partner Engagement Manager 6.2.3.1, 6.1.2.10, and 6.2.0.8 address IBM Java SDK Tech Edition CPU vulnerabilities attached to this Security Bulletin. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component coul...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities in updates. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity...
Security Bulletin: IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2024-0985)
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2024-0985 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when running in REFRESH MATERIALIZED VIEW CONCURRENTLY. By persuading a victim...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Websphere Liberty DoS
Summary IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. IBM Sterling Partner Engagement Manager 6.2.3.1 has included an upgraded version of WebSphere Liberty, which remediates this...
Security Bulletin: IBM Security Guardium is affected by vulnerabilities in Tomcat (CVE-2023-45648, CVE-2023-42795, CVE-2023-42794)
Summary IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-45648 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of HTTP trailer headers. By sending a specially crafted invalid trailer heade...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to Improper Error Handling.
Summary IBM Sterling Partner Engagement Manager resolved the issue improper error handling, which prevents the disclosure of log messages containing implementation details. Vulnerability Details CVEID:CVE-2022-35640 DESCRIPTION: IBM Sterling Partner Engagement Manager could allow a local attacker...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Server and Operations Center (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)
Summary Multiple vulnerabilities CVE-2023-22081, CVE-2023-22067, CVE-2023-5676 exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Storage Protect Server and IBM Storage Protect Operations Center. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server (CVE-2023-22081, CVE-2023-5676).
Summary IBM Storage Protect Server uses IBM® DB2® and may be affected by multiple vulnerabilities which could lead to denial of service or loss of confidentiality, integrity or availability. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Security Bulletin: A security vulnerability may affect a Go package that is shipped with IBM CICS TX Standard.
Summary A security vulnerability may affect a Go package that is shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the issues. Vulnerability Details IBM X-Force ID: 255317 DESCRIPTION: Logrus is vulnerable to a denial of service, caused by a flaw in the bufio.Scanner log write...
Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase. CVE-2023-6237, CVE-2023-6129, CVE-2023-5678, CVE-2024-0727 Vulnerability Details CVEID:CVE-2023-6237 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in...
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.
Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2023-46219, CVE-2023-46218 Vulnerability Details CVEID:CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-37532)
Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is used by IBM Rational ClearQuest (CVE-2024-35153)
Summary IBM WebSphere Application Server WAS is used by IBM Rational ClearQuest server and web components. Information about security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: IBM Asset Data Dictionary Component uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025
Summary IBM Asset Data Dictionary Component uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of...
Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.3 which is vulnerable to CVE-2024-27270 and CVE-2024-22329
Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty - v.24.0.0.3 which is vulnerable to CVE-2024-27270 and CVE-2024-22329. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM...
Security Bulletin: IBM Maximo Application Suite uses tinymce-5.10.9.tgz which is vulnerable to CVE-2024-29203, CVE-2024-29881, and CVE-2024-29203.
Summary IBM Maximo Application Suite uses tinymce-5.10.9.tgz which is vulnerable to CVE-2024-29203, CVE-2024-29881, and CVE-2024-29203. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29203 DESCRIPTION: TinyMCE is vulnerable to...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2024-35154)
Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing.
Summary Multiple vulnerabilities were addressed in IBM Event Processing version 1.1.8 Vulnerability Details CVEID:CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the RSA decrypti...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2024-35154)
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 23.0.2-IF004
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 23.0.2-IF004 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypa...
Security Bulletin: Vulnerability with Perl, Snappy, Psf Request, spring-web-5.3.33.jar, Apache HTTP Server, OpenJDK, affect IBM Cloud Object Storage Systems (July 2024v1)
Summary Vulnerability with Perl CVE-2023-47038, Snappy CVE-2024-36124, Psf Request CVE-2024-35195, spring-web-5.3.33.jar CVE-2024-22262, Apache HTTP Server CVE-2024-24795, CVE-2023-38709, OpenJDK CVE-2024-21094, CVE-2024-21011, CVE-2024-21085, CVE-2024-21068, CVE-2024-21012. This vulnerability...
Security Bulletin: IBM Security QRadar Manager for YARA and SIGMA Rules App for IBM QRadar SIEM is vulnerable to using a component with a known vulnerability (CVE-2024-35195)
Summary The product includes a vulnerable component e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerability. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...
Security Bulletin: Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to information disclosure and denial of service due to Go vulnerabilities CVE-2023-45287, CVE-2023-39326, and CVE-2024-24786
Summary Operations Dashboard in IBM Cloud Pak for Integration is vulnerable to information disclosure and denial of service due to Go vulnerabilities CVE-2023-45287, CVE-2023-39326, and CVE-2024-24786. These have been remediated. Vulnerability Details CVEID:CVE-2023-45287 DESCRIPTION: Golang Go...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2024-25026, CVE-2024-22329)
Summary IBM WebSphere Application Server Liberty is vulnerable to denial of service and server-side request forgery. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are...
Security Bulletin: IBM QRadar SIEM protocols are vulnerable to Security Restriction Bypass (CVE-2020-13956)
Summary Apache HttpClient is vulnerable to Security Restriction Bypass. Attackers can potentially break security and potentially steal sensitive information. This has been addressed with an update. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote...
Security Bulletin: pdfmake vulnerability affect IBM Spectrum Control
Summary Vulnerability in pdfmake could allow a remote attacker to execute arbitrary code on the system, which could affect IBM Spectrum Control. CVE-2024-25180. Vulnerability Details CVEID:CVE-2024-25180 DESCRIPTION: pdfmake could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-51775)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: IBM Maximo Application Suite- Manage component uses Insecure version of netty codec used in mas-data-dictionary-lib which is vulnerable to CVE-2024-29025
Summary IBM Maximo Application Suite- Manage component uses Insecure version of netty codec used in mas-data-dictionary-lib which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION...
Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in WebSphere Application Server Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-22329)
Summary There is a vulnerability in WebSphere Application Server Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3...
Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-51775)
Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending ...