Lucene search
K

35715 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/13 7:30 a.m.•26 views

Security Bulletin: IBM Maximo Application Suite uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067.

Summary IBM Maximo Application Suite uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of servic...

5.3CVSS6.2AI score0.01429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/13 7:30 a.m.•27 views

Security Bulletin: IBM Maximo Application Suite uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to CVE-2024-4067.

Summary IBM Maximo Application Suite uses Werkzeug-2.2.3-py3-none-any.whl which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-34069 DESCRIPTION: Pallets Werkzeug could allow a remote attacker to...

7.5CVSS6.9AI score0.03397EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/13 7:11 a.m.•14 views

Security Bulletin: IBM Maximo Application Suite uses dnspython-2.3.0-py3-none-any.whl which is vulnerable to CVE-2023-29483.

Summary IBM Maximo Application Suite uses dnspython-2.3.0-py3-none-any.whl which is vulnerable to CVE-2023-29483. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-29483 DESCRIPTION: Dnspython is vulnerable to a denial of service,...

7CVSS6.8AI score0.01857EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/12 7:54 p.m.•17 views

Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a IBM WebSphere Application Server Liberty vulnerability

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to IBM WebSphere Application Server Liberty information disclosure vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

7.5CVSS7.2AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/12 7:23 p.m.•29 views

Security Bulletin: IBM Transformation Extender Advanced is affected by a vulnerability in its dependencies

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable in it's dependencies on Apache Commons FileUpload Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused b...

7.5CVSS7.5AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/12 9:26 a.m.•35 views

Security Bulletin: Potential Directory Traversal Vulnerability in Apache Ant shipped with IBM Operations Analytics - Log Analysis (CVE-2022-48285)

Summary There is a potential directory traversal vulnerability via a crafted zip in Apache Ant Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files are loaded with...

7.3CVSS7.5AI score0.01411EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/12 9:24 a.m.•35 views

Security Bulletin: Potential Vulnerability in Apache Solr and Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis (CVE-2022-24823)

Summary There is a potential Netty vulnerability in Apache Solr and Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis. This has been fixed Vulnerability Details CVEID:CVE-2022-24823 DESCRIPTION: Netty could allow a local authenticated attacker to obtain sensitive information,...

5.5CVSS6.6AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/12 9:22 a.m.•15 views

Security Bulletin: Potential denial of service vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2021-33813)

Summary An XXE issue allows attacker to cause denial of service in Apache Solr. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: JDOM is vulnerable to a denial of service, caused by an XXE issue in SAXBuilder. By sending a specially-crafted HTTP request, a remote attacker could exploit thi...

7.5CVSS7.4AI score0.19442EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/12 9:19 a.m.•26 views

Security Bulletin: Vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis (CVE-2018-18928)

Summary Apache Solr is vulnerable to integer overflow. This has been addressed. Vulnerability Details CVEID:CVE-2018-18928 DESCRIPTION: International Components for Unicode ICU is vulnerable to a denial of service, caused by an integer overflow in the...

9.8CVSS9AI score0.02918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/12 6:57 a.m.•32 views

Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2022-29181, CVE-2022-23476)

Summary There are multple nokogiri vulnerabilities in Logstash that effect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details CVEID:CVE-2022-29181 DESCRIPTION: Nokogiri is vulnerable to a denial of service, caused by improper handling of unexpected data type...

8.2CVSS7.8AI score0.02886EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/12 5:50 a.m.•20 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS6.8AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/12 4:15 a.m.•14 views

Security Bulletin: IBM Concert Software is vulnerable to session hijacking (CVE-2024-43180)

Summary IBM Concert cookie settings are vulnerable to session hijacking. Vulnerability Details CVEID:CVE-2024-43180 DESCRIPTION: IBM Concert does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a...

4.3CVSS4.1AI score0.0022EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/11 11:24 a.m.•37 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management Core Framework.

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 Core Framework IF27 patch. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no...

7.5CVSS7.3AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/11 10:24 a.m.•30 views

Security Bulletin: Vulnerability of okhttp-3.9.0.jar is affecting APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent and APM Data Collector for J2SE

Summary APM WebSphere Application Server Agent, APM Tomcat Agent, APM SAP NetWeaver Java Stack Agent and APM Data Collector for J2SE are vulnerable to okhttp-3.9.0.jar CVE-2023-0833. The workaround includes okhttp-3.9.0.jar upgraded to okhttp-4.12.0.jar. Vulnerability Details CVEID:CVE-2023-0833...

5.5CVSS5.8AI score0.00436EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/11 10:22 a.m.•32 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2023-46589)

Summary IBM Security SOAR uses an older version of Apache Tomcat that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 51.0.3.0 or later of IBM Security SOAR. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION:...

7.5CVSS7.7AI score0.04602EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/11 8:43 a.m.•60 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-6874 DESCRIPTION: cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a...

9.1CVSS7.5AI score0.66594EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/11 7:34 a.m.•28 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in April 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21094...

7.5CVSS5.8AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 7:15 p.m.•19 views

Security Bulletin: IBM InfoSphere Information Server is affected by an arbitrary code execution vulnerability in pypa/setuptools (CVE-2024-6345)

Summary An arbitrary code execution vulnerability in pypa/setuptools that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the...

8.8CVSS7.4AI score0.01939EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 7:6 p.m.•17 views

Security Bulletin: IBM InfoSphere Information Server is affected by a security vulnerability in zipp (CVE-2024-5569)

Summary A security vulnerability in zipp that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in the Path module. By using a specially crafted zip file, a loca...

6.2CVSS6.1AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 6:57 p.m.•12 views

Security Bulletin: IBM InfoSphere Information Server is affected by a security vulnerability in Certifi python-certifi (CVE-2024-39689)

Summary A security vulnerability in Certifi python-certifi that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. An...

7.5CVSS7.2AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 6:44 p.m.•18 views

Security Bulletin: IBM InfoSphere Information Server is affected by a denial of service vulnerability in Undertow (CVE-2024-6162)

Summary A denial of service vulnerability in Undertow that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-6162 DESCRIPTION: Undertow is vulnerable to a denial of service, caused by a flaw with URL-encoded request path information can be broken for...

7.5CVSS7.4AI score0.01702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 6:23 p.m.•29 views

Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability in urllib3 (CVE-2024-37891)

Summary An information disclosure vulnerability in urllib3 that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the...

6.5CVSS4.9AI score0.01141EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 3:20 p.m.•15 views

Security Bulletin: Vulnerability in tpm2-tss library (CVE-2023-22745) affects Power HMC.

Summary The tpm2-tss library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-22745 DESCRIPTION: tpm2-tss is vulnerable to a buffer overflow, caused by improper bounds checking by the Tss2RCSetHandler and Tss2RCDecode...

6.4CVSS8.2AI score0.00519EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 3:20 p.m.•29 views

Security Bulletin: Vulnerability in shadow-utils library (CVE-2023-4641) affects Power HMC.

Summary The shadow-utils library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-4641 DESCRIPTION: shadow-maint shadow-utils could allow a local authenticated attacker to obtain sensitive information, caused by failing t...

5.5CVSS7.1AI score0.00257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 3:19 p.m.•36 views

Security Bulletin: Vulnerability in bind library (CVE-2022-3094) affects Power HMC.

Summary The bind library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-3094 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the allocation of memory prior to the checking of access permissions ACL...

7.5CVSS7.8AI score0.13108EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 3:19 p.m.•32 views

Security Bulletin: Vulnerability in Apache Tomcat Server (CVE-2024-34750) affects Power HMC.

Summary The Apache Tomcat Server is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by a flaw when processing an HTTP/2 stream. By sending...

7.5CVSS7.4AI score0.04602EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 3:18 p.m.•48 views

Security Bulletin: Vulnerabilities in openssl library (CVE-2023-3446, CVE-2023-3817, CVE-2023-5678) affect Power HMC.

Summary The openssl library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functio...

5.3CVSS6.4AI score0.05533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 3:17 p.m.•22 views

Security Bulletin: Vulnerability in nss library (CVE-2023-5388) affects Power HMC.

Summary The nss library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5388 DESCRIPTION: Red Hat Enterprise Linux could allow a remote authenticated attacker to obtain sensitive information, caused by an observable timi...

6.5CVSS6.2AI score0.00816EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 3:16 p.m.•29 views

Security Bulletin: Vulnerability in libxml2 library (CVE-2023-39615) affects Power HMC.

Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-39615 DESCRIPTION: Xmlsoft Libxml2 is vulnerable to a denial of service, caused by a global buffer overflow in the xmlSAX2StartElement function ...

6.5CVSS7.1AI score0.00667EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 3:16 p.m.•38 views

Security Bulletin: Vulnerability in nss library (CVE-2023-6135) affects Power HMC.

Summary The nss library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-6135 DESCRIPTION: Mozilla Network Security Services NSS NIST curves, as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive...

4.3CVSS6AI score0.00714EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 2:52 p.m.•26 views

Security Bulletin: Vulnerability in expat library (CVE-2023-52425) affects Power HMC.

Summary The expat library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by improper system resource allocation. By sending a specially crafted...

7.5CVSS7.5AI score0.01815EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 2:51 p.m.•36 views

Security Bulletin: Vulnerabilities in shim library (CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551) affect Power HMC.

Summary The shim library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-40546 DESCRIPTION: rhboot shim is vulnerable to a denial of service, caused by a NULL pointer dereference f;aw in the mirroroneesl function in...

8.3CVSS8.5AI score0.04852EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 10:39 a.m.•17 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50315)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

5.9CVSS5.5AI score0.00268EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/10 5:21 a.m.•15 views

Security Bulletin: IBM Automation Decision Services for August 2024 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2024-5321...

6.1CVSS7.2AI score0.00312EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 9:26 p.m.•14 views

Security Bulletin: IBM OpenPages exposes client-side source code through use of JavaScript source maps (CVE-2024-27257)

Summary A vulnerability caused by exposure of information about IBM OpenPages client-side source code through use of JavaScript source maps to unauthorized users is addressed. Vulnerability Details CVEID:CVE-2024-27257 DESCRIPTION: IBM OpenPages potentially exposes information about client-side...

4.3CVSS4.4AI score0.00304EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 6:48 p.m.•36 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multible go-git vulnerabilities.

Summary Potential go-git vulnerabilities CVE-2023-49568, CVE-2023-49569 have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-49568 DESCRIPTIO...

9.8CVSS9.5AI score0.01523EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 1:24 p.m.•22 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to SQL injection (CVE-2024-40689)

Summary A SQL injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-40689 DESCRIPTION: IBM InfoSphere Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to...

9.8CVSS6.3AI score0.00538EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:21 a.m.•22 views

Security Bulletin: IBM Maximo Asset Management - A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-22354)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

7CVSS7.2AI score0.00649EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:21 a.m.•13 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses aiohttp-3.9.5-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to this CVE-2024-42367 Vulnerability Details CVEID:CVE-2024-42367 DESCRIPTION: aio-libs aiohttp ould allow a remote...

4.8CVSS4.9AI score0.00645EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:19 a.m.•15 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569 Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in th...

6.2CVSS6.1AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:18 a.m.•16 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component usesidna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component usesidna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted...

7.5CVSS7.2AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:17 a.m.•21 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to this CVE-2024-37891

Summary IBM Maximo Application Suite - Predict Component component uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to this CVE-202437891 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, cause...

6.5CVSS5AI score0.01141EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:16 a.m.•14 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses requests-2.31.0-py3-none-any.whl which is vulnerable to this CVE-2024-35195

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses requests-2.31.0-py3-none-any.whl which is vulnerable to this CVE-2024-35195 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security...

5.6CVSS5.5AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:14 a.m.•15 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component usesaiohttp-3.9.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component usesaiohttp-3.9.5-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to this CVE-2024-42367. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

4.8CVSS4.8AI score0.00645EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:13 a.m.•19 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is...

6.2CVSS6.1AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:12 a.m.•21 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155

Summary IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerab...

6.1CVSS6.5AI score0.00719EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:10 a.m.•24 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component usesscikit_learn-1.3.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-5206

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component usesscikitlearn-1.3.2-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to this CVE-2024-5206. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

4.7CVSS4.8AI score0.00187EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 7:8 a.m.•68 views

Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)

Summary There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...

8.1CVSS9.1AI score0.03028EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 5:29 a.m.•28 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Summary IBM Sterling Partner Engagement Manager uses FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a...

7.5CVSS6.9AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 3:43 p.m.•51 views

Security Bulletin: IBM DataPower Gateway vulnerable to multiple kernel CVEs

Summary IBM DataPower Gateway has addressed multiple CVEs in 10.5.0.12 Vulnerability Details CVEID:CVE-2023-2162 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a use-after-free flaw in the iscsiswtcpsessioncreate function in drivers/scsi/iscsitcp...

7.5CVSS8.9AI score0.00544EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35715