Lucene search
K

35715 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 7:42 p.m.24 views

Security Bulletin: Vulnerabilities in Maven affect IBM watsonx.data

Summary Apache Maven could allow a remote attacker to either bypass security restrictions or to execute arbitrary commands on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2021-26291 DESCRIPTION: Apache Maven could allow a remote attacker to bypass security...

9.8CVSS9.9AI score0.08691EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 7:32 p.m.47 views

Security Bulletin: Vulnerability in jackson-databind affects IBM watsonx.data

Summary There are multiple CVEs fixed for this Security Bulletin. For the FasterXML jackson-databind CVEs, jackson-databind could allow a remote attacker to execute arbitrary code on the system. For CVE-2017-7525, Apache Struts could also allow a remote attacker to execute arbitrary code on the...

9.8CVSS9.4AI score0.49727EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 4:58 p.m.27 views

Security Bulletin: Vulnerability in Perl affects IBM watsonx.data

Summary For CVE-2020-10878, if a user submits a specially-crafted regular expression and it is used in a regex by watsonx.data, this may cause an instruction injection. Currently, IBM watsonx.data is not vulnerable to the vulnerabilities described in CVE-2020-10543, CVE-2020-12723 and...

8.6CVSS8.5AI score0.12608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 4:56 p.m.25 views

Security Bulletin: Vulnerability in jackson-databind affects IBM watsonx.data

Summary FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system and could allow a remote attacker to obtain sensitive information. This can affect watsonx.data. This can affect IBM watsonx.data Vulnerability Details CVEID:CVE-2019-12384 DESCRIPTION:...

5.9CVSS8.3AI score0.45205EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 4:52 p.m.24 views

Security Bulletin: Vulnerability in Hibernate Validator affects IBM watsonx.data

Summary Hibernate Validator allows a remote attacker to bypass security restrictions, such as escaping or stripping, that may be in place when handling user-controlled data in error messages in IBM watsonx.data. Vulnerability Details CVEID:CVE-2021-23463 DESCRIPTION: h2database com.h2database:h2...

10CVSS8.8AI score0.64766EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 4:44 p.m.24 views

Security Bulletin: Vulnerability in Perl affects IBM watsonx.data

Summary Perl is vulnerable to buffer overflow issues. CVE-2020-10543: This vulnerability is identified in 32 bit, but watsonx.data is deployd in 64 bit platform. Hence watsonx.data is not affected. CVE-2020-10878, CVE-2020-12723: If user supplied string and it is used in a regex in our code, this...

8.6CVSS8.9AI score0.11334EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 4:36 p.m.26 views

Security Bulletin: Vulnerabilities in jackson-databind affect IBM watsonx.data

Summary FasterXML jackson-databind has multiple vulnerabilities including the possibility of remote attackers executing arbitrary code on the system. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2017-15095 DESCRIPTION: Jackson Library could allow a remote attacker to execute...

10CVSS9AI score0.49727EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 4:33 p.m.23 views

Security Bulletin: Vulnerabilities in Golang Go affect IBM watsonx.data

Summary Golang Go could allow a remote attacker to execute arbitrary code on the system and is vulnerable to HTML injection. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caus...

9.8CVSS9.9AI score0.02281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 4:20 p.m.32 views

Security Bulletin: Vulnerabilities in Go affects IBM watsonx.data

Summary Vulnerabilities in the Go package could allow a remote attacker to either inject malicious HTML code into a template causing an HTML injection or execute arbritray code on the system. These vulnerabilities may impact watsonx.data. Vulnerability Details CVEID:CVE-2023-24540 DESCRIPTION: Go...

9.8CVSS10AI score0.02281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 4:17 p.m.21 views

Security Bulletin: Vulnerabilities in GoLang Go and Kubernetes affect IBM watsonx.data

Summary Kubernetes vulnerabilities could allow a local authenticated attack to obtain sensitive information and could allow a denial of service attack. GoLang Go could allow denial of service attacks, HTTP request smuggling, HTML injections, local attacks to execute arbritray code execution, and...

9.8CVSS9.3AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 12:44 p.m.19 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Summary OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors for Network Transport. CVE-2024-2511 is identified as a potential risk for products using older versions of OpenSLL. These potential risks are resolved by updating IBM Tivoli Netcool System Service...

5.9CVSS6.1AI score0.54026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 10:34 a.m.24 views

Security Bulletin: Multiple Vulnerabilities in Rational Asset Manager

Summary Multiple vulnerabilities were addressed in Rational Asset Manager version 7.5.4.15 Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS...

7.5CVSS7.2AI score0.46836EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 10:14 a.m.50 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-25629 DESCRIPTION: C-ares is vulnerable to a denial of service, caused by an...

10CVSS9.3AI score0.36081EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 9:28 a.m.36 views

Security Bulletin: IBM Operational Decision Manager for Aug 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-44487...

7.5CVSS8.4AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/18 8:45 a.m.19 views

Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server is vulnerable to CVE-2024-25026 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server which is vulnerable to CVE-2024-25026. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5...

7.5CVSS6.6AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 11:9 p.m.27 views

Security Bulletin: AIX is affected by a denial of service (CVE-2024-0397) and information disclosure (CVE-2024-4032, CVE-2024-37891) due to Python

Summary Vulnerabilities in Python could allow a remote attacker to cause a denial of service CVE-2024-0397 or obtain sensitive information CVE-2024-4032, CVE-2024-37891. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2024-4032 DESCRIPTION: An...

7.5CVSS7.2AI score0.01141EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 10:4 p.m.14 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF Vulnerability Details CVEID:CVE-2023-41175 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an integer overflow in raw2tiff.c. By persuading a victim to open a...

6.5CVSS7AI score0.01037EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 10:3 p.m.19 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-30261 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw with fetch with integrity...

3.5CVSS4.8AI score0.00803EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 9:51 p.m.26 views

Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js and package affects IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get process...

7.5CVSS8.1AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 9:36 p.m.24 views

Security Bulletin: IBM DataPower Gateway vulnerable to physical attacks and DoS.

Summary CVE-2023-1073, CVE-2023-1079, CVE-2023-4132 require physical access to the appliance with malicious USB device. CVE-2023-1206 can allow an attacker with a high bandwidth connection to consume excessive CPU resources. Vulnerability Details CVEID:CVE-2023-1073 DESCRIPTION: Linux Kernel coul...

6.8CVSS7.1AI score0.00553EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:49 p.m.12 views

Security Bulletin: Insufficient input validation in IBM Business Automation Workflow Center - CVE-2024-43188

Summary IBM Business Automation Workflow Center is vulnerable because of insufficient user input validation. Vulnerability Details CVEID:CVE-2024-43188 DESCRIPTION: IBM Business Automation Workflow could allow a privileged user to perform unauthorized activities due to improper client side...

4.9CVSS4.9AI score0.00324EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:35 p.m.34 views

Security Bulletin: Mutiple vulnerabilities in Bouncy Castle Crypto Package For Java may affect IBM Storage Scale GUI (CVE-2024-30171, CVE-2024-29857)

Summary There are vulnerabilities in Bouncy Castle Crypto Package For Java, used by IBM Storage Scale GUI, which could allow a remote attacker to exploit and obtain sensitive information. Vulnerability Details CVEID:CVE-2018-20676 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caus...

7.5CVSS6.8AI score0.1686EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:19 p.m.21 views

Security Bulletin: PrototypeJS shipped with IBM Tivoli Business Service Manager is vulnerable to cross-site request forgery (CVE-2008-7220)

Summary PrototypeJS is shipped as part of front-end component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting PrototypeJS has been published in a security bulletin. Vulnerability Details CVEID:CVE-2008-7220 DESCRIPTION: An unspecified error in the...

7.5CVSS9AI score0.13355EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:19 p.m.28 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: A...

7.4CVSS5.9AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 7:14 p.m.26 views

Security Bulletin: This Power System update is being released to address CVE-2023-45871

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-45871, by upgrading PowerVM and thus addressing the exposure ...

7.5CVSS8.5AI score0.00544EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 7:9 p.m.21 views

Security Bulletin: This Power System update is being released to address CVE-2023-1206

Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2023-1206, by upgrading PowerVM and thus addressing the exposure t...

5.7CVSS6.7AI score0.00553EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 5:39 p.m.24 views

Security Bulletin: IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper...

8.1CVSS8.6AI score0.08279EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 3:31 p.m.47 views

Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities (CVE-2024-5569, CVE-2024-39689)

Summary IBM Security Guardium Insights has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a local attacker...

7.5CVSS7AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 9:2 a.m.20 views

Security Bulletin: Security vulnerability has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool.

Summary There is security vulnerability in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to...

7.5CVSS7.4AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 9:0 a.m.22 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Jul 2024. Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE...

7.4CVSS6AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:58 a.m.21 views

Security Bulletin: A vulnerability in JavaScript affects IBM License Metric Tool v9 (CVE-2024-39338).

Summary There is a vulnerability in JavaScript library Axios that is used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relativ...

7.5CVSS7.3AI score0.01414EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:56 a.m.26 views

Security Bulletin: A vulnerability in XML toolkit for Ruby affects IBM License Metric Tool.

Summary There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-43398 DESCRIPTION: Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By using a specially crafted XML content, a remote...

7.5CVSS6.2AI score0.01493EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:55 a.m.21 views

Security Bulletin: A vulnerability in fugit gem affects IBM License Metric Tool (CVE-2024-43380).

Summary There is a vulnerability in one of the Ruby gems used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-43380 DESCRIPTION: floraison fugit is vulnerable to a denial of service, caused by improper input validation by the natural parser. By sending a specially crafted request...

7.5CVSS7.5AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:40 a.m.26 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control

Summary Node.js is vulnerable to remote attacker to execute arbitrary commands. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-36138 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by the incomplete fi...

8.1CVSS8.1AI score0.01104EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:39 a.m.26 views

Security Bulletin: Vulnerability in OpenSSL affect IBM Spectrum Control

Summary OpenSSL is vulnerable to execution of arbitrary code on the system. This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the...

7.5CVSS7.8AI score0.02945EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/17 8:38 a.m.20 views

Security Bulletin: IBM WebSphere Application Server Liberty vulnerability affect IBM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to XML External Entity Injection XXE attack. This vulnerability affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Libert...

7CVSS7.2AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/16 6:33 p.m.52 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service (CVE-2024-40680)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-40680 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault. CVSS Base score: 6.2 CVSS Temporal Score:...

5.5CVSS5.9AI score0.00188EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/16 6:20 p.m.52 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Storage Scale System

Summary There is a vulnerability in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System, which could allow a remote attacker to cause a denial of service. CVE-2023-46158, CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Serve...

9.8CVSS7.5AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/16 5:22 p.m.74 views

Security Bulletin: IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253.

Summary IBM Maximo Application Suite uses k82.io package which is vulnerable to CVE-2019-11250, CVE-2020-8565, CVE-2019-11253. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a local...

7.5CVSS6.5AI score0.25939EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/16 5:8 p.m.34 views

Security Bulletin: Vulnerabilities in Elasticsearch affect watsonx.data

Summary Elasticsearch is vulnerable to local authenticated attacks to obtain sensitive information and denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-31417 DESCRIPTION: Elasticsearch could allow a local authenticated attacker to obtain sensitive...

7.5CVSS7AI score0.60679EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/16 4:32 p.m.39 views

Security Bulletin: Vulnerability in Netty affects watsonx.data

Summary Netty is vulnerable to a denial of service. For CVE-2019-9518, a remote attacker could cause watsonx.data to consume excessive CPU resources by sending a set of frames without an end-of-stream flag, eventually causing a denial of service condition. This would affect watsonx.data. For...

7.8CVSS8.5AI score0.25448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/14 4:9 a.m.22 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (July 2024) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in July 2024. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified...

5.9CVSS6.1AI score0.00953EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/13 10:26 p.m.12 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - July 2024 CPU

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/13 8:29 p.m.32 views

Security Bulletin: IBM Managed System Services for i and IBM System Management for i are vulnerable to a local user gaining elevated privilege due to unqualified library calls [CVE-2024-38330].

Summary IBM Managed System Services for i and IBM System Management for i are vulnerable to a local user gaining elevated privilege due to programs making unqualified library calls as described in the vulnerability details section. This bulletin identifies the steps to take to address the...

7.8CVSS7.2AI score0.00258EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/13 6:52 p.m.30 views

Security Bulletin: IBM Security QRadar Offenses Forwarder App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2023-26159, CVE-2022-40023, CVE-2022-25883)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing...

7.5CVSS7.3AI score0.02761EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/13 6:33 p.m.23 views

Security Bulletin: IBM Master Data Management affected by vulnerabilites in IBM WebSphere Application Server to cross-site scripting (CVE-2024-35153)

Summary IBM Master Data Management version 11.6, 12.0 and 14.0 are impacted by vulnerability in IBM WebSphere Application Server. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credential...

4.8CVSS4.9AI score0.00362EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/13 4:46 p.m.35 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVEs: CVE-2024-21147, CVE-2024-21145, CVE-2024-21140, CVE-2024-21144, CVE-2024-21138, CVE-2024-21131 and CVE-2024-27267 Vulnerability Details CVEID:CVE-2024-21147...

7.4CVSS5.7AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/13 4:7 p.m.27 views

Security Bulletin: ISC BIND on IBM i is vulnerable to a remote attacker causing a denial of service due to multiple vulnerabilities.

Summary Domain Name System DNS uses ISC BIND. ISC BIND on IBM i is vulnerable to a denial of service due to queries to an excessively large resolver database CVE-2024-1737, serving stale cache data content CVE-2024-4076, sending SIG 0 signed requests CVE-2024-1975, and sending a flood of DNS...

7.5CVSS7.8AI score0.0468EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/13 3:19 p.m.30 views

Security Bulletin: IBM Aspera Shares improved security for user session handling (CVE-2024-38315)

Summary IBM Aspera Shares has addressed a vulnerability related to user session handling. Vulnerability Details CVEID:CVE-2024-38315 DESCRIPTION: IBM Aspera Shares does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system...

6.5CVSS6.2AI score0.00227EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/13 8:4 a.m.28 views

Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk15on-1.70.jar which is vulnerable to CVE-2024-29857.

Summary IBM Maximo Application Suite uses bcprov-jdk15on-1.70.jar which is vulnerable to CVE-2024-29857. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable ...

7.5CVSS7.3AI score0.011EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35715