Lucene search
K

35726 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:19 a.m.•15 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569 Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite loop flaw in th...

6.2CVSS6.1AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:18 a.m.•16 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component usesidna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component usesidna-3.6-py3-none-any.whl which is vulnerable to this CVE-2024-3651 Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: idna could allow a local user to cause a denial of service using a specially crafted...

7.5CVSS7.2AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:17 a.m.•21 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to this CVE-2024-37891

Summary IBM Maximo Application Suite - Predict Component component uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to this CVE-202437891 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, cause...

6.5CVSS5AI score0.01141EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:16 a.m.•14 views

Security Bulletin: IBM Maximo Application Suite - Predict Component component uses requests-2.31.0-py3-none-any.whl which is vulnerable to this CVE-2024-35195

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component component uses requests-2.31.0-py3-none-any.whl which is vulnerable to this CVE-2024-35195 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security...

5.6CVSS5.5AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:14 a.m.•15 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component usesaiohttp-3.9.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-42367

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component usesaiohttp-3.9.5-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to this CVE-2024-42367. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

4.8CVSS4.8AI score0.00645EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:13 a.m.•19 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component uses zipp-3.15.0-py3-none-any.whl which is vulnerable to this CVE-2024-5569. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is...

6.2CVSS6.1AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:12 a.m.•21 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155

Summary IBM Maximo Application Suite - AI Broker component uses request-2.88.2.tgz which is vulnerable to this CVE-2023-28155. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: Node.js Request module is vulnerab...

6.1CVSS6.5AI score0.00719EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 8:10 a.m.•24 views

Security Bulletin: IBM Maximo Application Suite - AI Broker component usesscikit_learn-1.3.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to this CVE-2024-5206

Summary Security Bulletin: IBM Maximo Application Suite - AI Broker component usesscikitlearn-1.3.2-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to this CVE-2024-5206. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

4.7CVSS4.8AI score0.00187EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 7:8 a.m.•68 views

Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)

Summary There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...

8.1CVSS9.1AI score0.03028EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/09 5:29 a.m.•28 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)

Summary IBM Sterling Partner Engagement Manager uses FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denial of service, caused by a stack-overflow in parsing YAML files. By persuading a victim to open a specially crafted file, a...

7.5CVSS6.9AI score0.02824EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 3:43 p.m.•51 views

Security Bulletin: IBM DataPower Gateway vulnerable to multiple kernel CVEs

Summary IBM DataPower Gateway has addressed multiple CVEs in 10.5.0.12 Vulnerability Details CVEID:CVE-2023-2162 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a use-after-free flaw in the iscsiswtcpsessioncreate function in drivers/scsi/iscsitcp...

7.5CVSS8.9AI score0.00544EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 12:19 p.m.•16 views

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in IBM® License Key Server(CVE-2023-50945 and CVE-2023-50946)

Summary A vulnerability in IBM License Key Server Administration and Reporting Tool, and Agent allowed users' stored passwords to be exposed through the browser's console. This issue could potentially lead to unauthorized access to user accounts if an attacker gained access to the logged-in user'...

6.5CVSS6AI score0.00262EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 9:28 a.m.•49 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to denial of service, privilege escalation and kerberos 5

Summary Kerberos 5 and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service due to improper memory allocation, and privilege escalation which may lead to bypassing security restrictions. This bulletin identifies the steps required to address these...

9.1CVSS8.1AI score0.01863EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 8:41 a.m.•19 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2024-25026)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5CVSS6.4AI score0.00792EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 8:38 a.m.•25 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature.(CVE-2024-22353)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

7.5CVSS7.7AI score0.00818EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 8:33 a.m.•43 views

Security Bulletin: Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022)

Summary There are multple cross site scripting vulnerabilities in Apache Ant that effect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details CVEID:CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...

6.9CVSS6.8AI score0.99019EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 8:31 a.m.•16 views

Security Bulletin: There is a vulnerability in tinymce-6.8.1.min.js used by IBM Maximo Asset Management application (CVE-2024-38357, CVE-2024-38356)

Summary There is a vulnerability in tinymce-6.8.1.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-38357 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the noscript elements. A remote...

6.1CVSS6AI score0.00529EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 8:29 a.m.•13 views

Security Bulletin: There is a vulnerability in Manage Componenet used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-37068)

Summary There is a vulnerability in Manage Componenet used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-37068 DESCRIPTION: IBM Maximo Application Suite - Manage Component uses weaker than expected cryptographic algorithms that could allow ...

7.5CVSS6.1AI score0.00247EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 8:28 a.m.•26 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50313)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5CVSS6.6AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 8:22 a.m.•40 views

Security Bulletin: Multiple vulnerabilities in Netty affect Apache Solr, Apache Zookeeper and Logstash shipped with IBM Operations Analytics - Log Analysis

Summary There are vulnerabilities in various versions of Netty that affect Apache Solr, Apache Zookeeper and Logstash. The vulnerabilities are in Vulnerability Details section Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw i...

9.1CVSS8.3AI score0.25448EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/06 8:13 a.m.•12 views

Security Bulletin: Netty vulnerability in Apache Solr affect IBM Operations Analytics - Log Analysis

Summary There is a potential validation vulnerability in Netty that is used by Apache Solr. This has been addressed Vulnerability Details IBM X-Force ID: 221368 DESCRIPTION: Netty is vulnerable to a man-in-the-middle attack, caused by improper hostname verification. An attacker could exploit this...

6.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 10:14 p.m.•21 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in requirejs

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of requirejs. Vulnerability Details CVEID:CVE-2024-38999 DESCRIPTION: jrburke requirejs could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the function...

10CVSS9.8AI score0.00749EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 10:2 p.m.•17 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in guava-23.0.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of guava-23.0.jar Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with using Java's default...

7.1CVSS6.7AI score0.00248EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 9:58 p.m.•31 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in google-protobuf-3.11.2.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of google-protobuf-3.11.2.gem Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial of service, caused by a flaw in the parsing procedure for binary and te...

7.5CVSS7.3AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 9:54 p.m.•57 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in elasticsearch-7.10.2.jar

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of elasticsearch-7.10.2.jar Vulnerability Details CVEID:CVE-2023-31418 DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by uncontrolled resource consumption. By sending a moderate...

7.5CVSS6.8AI score0.60679EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 9:50 p.m.•20 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenCV

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenCV Vulnerability Details CVEID:CVE-2023-2617 DESCRIPTION: OpenCV wechatqrcode Module is vulnerable to a denial of service, caused by a flaw in the DecodedBitStreamParser::decodeByteSegment function at...

7.5CVSS7.5AI score0.01356EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 9:46 p.m.•51 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in OpenSSH

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of OpenSSH Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a signal handler race condition. By sending a specially...

8.1CVSS8.5AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 9:34 p.m.•29 views

Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by an issue in OpenSSL (CVE-2024-2511)

Summary An issue was identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the IBM i...

5.9CVSS6.5AI score0.54026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 9:25 p.m.•31 views

Security Bulletin: IBM MQ Console is affected by a security bypass vulnerablity (CVE-2024-40681)

Summary IBM MQ has addressed a security bypass vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-40681 DESCRIPTION: IBM MQ could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. CVSS...

8.8CVSS7.5AI score0.00484EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 8:5 p.m.•73 views

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF002

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF002 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite...

8.4CVSS9.3AI score0.00887EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 7:25 p.m.•29 views

Security Bulletin: IBM OpenPages vulnerable to exposure of sensitive information through improper authorization controls on APIs. (CVE-2024-35151)

Summary A vulnerability caused by improper authorization checks could allow authenticated users access to sensitive information through APIs. Vulnerability Details CVEID:CVE-2024-35151 DESCRIPTION: IBM OpenPages with Watson could allow authenticated users access to sensitive information through...

6.5CVSS6.4AI score0.00439EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 7:12 p.m.•84 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring ITM portal server. have been remediated. Vulnerability Details CVEID:CVE-2024-38472 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request...

9.8CVSS9.8AI score0.99957EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 7:5 p.m.•24 views

Security Bulletin: Vulnerability in Golang Go affects watsonx.data

Summary Golang Go could allow a remote attacker to obtain sensitive information vis a flaw in the Faccessat function when called with a non-zero flags parameter. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-29526 DESCRIPTION: Golang Go could allow a remote attacker to obta...

5.3CVSS6.6AI score0.02593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:54 p.m.•10 views

Security Bulletin: Vulnerability in QOS.CH reload4j affects watsonx.data

Summary QOS.CH reload4j could allow a remote attacker access to sensitive information or perform server-side attacks on watsonx.data. Vulnerability Details IBM X-Force ID: 294027 DESCRIPTION: QOS.CH reload4j allow a remote attacker to obtain sensitive information, caused by improper handling of X...

6.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:52 p.m.•19 views

Security Bulletin: Vulnerability in QOS.ch Sarl Logback affects watsonx.data

Summary A serialization vulnerability in logback receiver component part of QOS.ch Sarl Logback allows an attacker to mount a Denial-Of-Service attack on watsonx.data by sending poisoned data. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-6378 DESCRIPTION: QOS.ch Sarl Logback...

7.5CVSS7.4AI score0.009EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:50 p.m.•38 views

Security Bulletin: Vulnerability in Go affects watsonx.data

Summary Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2022-41721 DESCRIPTION: Golang Go is vulnerable to HTTP request smuggling, caused by a flaw when using MaxBytesHandler. By sendin...

7.5CVSS7.2AI score0.01814EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:48 p.m.•24 views

Security Bulletin: Vulnerability in Elastic Elasticsearch-Hadoop affects watsonx.data

Summary Elastic Elasticsearch-Hadoop could allow the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. As this occurs when the user has been authenticated, there is limited impact to watsonx.data. Vulnerabili...

7.8CVSS8.1AI score0.00243EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:38 p.m.•39 views

Security Bulletin: Vulnerabilities in Eclipse Jetty and JUnit4 affect watsonx.data

Summary Eclipse Jetty could allow remote attacks to obtain sensitive information and JUnit4 could allow a local attacker to obtain sensitive information. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2019-10246 DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain...

5.5CVSS7AI score0.05782EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:34 p.m.•26 views

Security Bulletin: Vulnerability in Go affects watsonx.data

Summary TheScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go have an unspecified error that returns an incorrect result which has an unknown impact and attack vector. watsonx.data may be affected by this. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified...

5.3CVSS7.2AI score0.00817EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:20 p.m.•97 views

Security Bulletin: IBM HTTP Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server (CVE-2024-24795, CVE-2023-38709)

Summary IBM HTTP Server used by IBM WebSphere Application Server is vulnerable to HTTP response splitting due to the included Apache HTTP Server. Vulnerability Details CVEID:CVE-2024-24795 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by a flaw in multip...

7.3CVSS6.5AI score0.03914EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:12 p.m.•24 views

Security Bulletin: Vulnerability in Eclipse Openj9 affects watsonx.data

Summary Eclipse Openj9 could allow a remote attacker to bypass security restrictions, where memory could be accessed or modified. This exploit can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security...

6.5CVSS6.6AI score0.00589EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:10 p.m.•38 views

Security Bulletin: Vulnerability in Apache Hadoop affects watsonx.data

Summary For CVE-2018-11768, a remote hacker could exploit a vulnerability in Apache Hadoop caused by a mismatch in the size of the fields used to store user/group information between memory and disk representation. For CVE-2020-9492, a remote attacker could gain elevated privileges on the system,...

8.8CVSS8.4AI score0.06554EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:7 p.m.•43 views

Security Bulletin: Vulnerability in Google OAuth Client Library affects watsonx.data

Summary Google OAuth Client Library for Java could allow a remote attacker to bypass security restrictions, caused by improper verification of token signatures. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass verification on the client side or to gai...

9.1CVSS8.1AI score0.01587EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:5 p.m.•23 views

Security Bulletin: Vulnerability in Eclipse Jetty affects watsonx.data

Summary Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connection...

7.5CVSS7.3AI score0.01433EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:3 p.m.•23 views

Security Bulletin: Vulnerability in QOS.ch Sarl Logback affects watsonx.data

Summary A serialization vulnerability in logback receiver component part of QOS.ch Sarl Logback allows an attacker to mount a Denial-Of-Service attack to watsonx.data by sending poisoned data. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of...

7.5CVSS7.2AI score0.00682EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 6:1 p.m.•23 views

Security Bulletin: Vulnerability in Oracle Java SE affects watsonx.data

Summary An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSSE component could allow an unauthenticated attacker to cause high confidentiality impact and high integrity impact. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-21930...

7.4CVSS8.1AI score0.01295EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 5:58 p.m.•19 views

Security Bulletin: Vulnerability in Airlift aircompressor affects watsonx.data

Summary Airlift aircompressor could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read/write flaw in the decompressor implementations. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: airlift aircompressor could allow a loc...

8.6CVSS8.1AI score0.00504EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 5:56 p.m.•26 views

Security Bulletin: Vulnerability in Python affects watsonx.data

Summary Python could provide weaker than expected security caused by an issue with tempfile. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-6597 DESCRIPTION: Python could provide weaker than expected security, caused by an issue with tempfile.TemporaryDirectory fails removing...

7.8CVSS7.7AI score0.00313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 5:54 p.m.•50 views

Security Bulletin: Vulnerability in Certifi python-certifi

Summary Certifi python-certifi could provide weaker than expected security, caused by the use of GLOBALTRUST root certificate. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by the us...

7.5CVSS7.3AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 5:49 p.m.•30 views

Security Bulletin: Vulnerability in Apache Druid affects watsonx.data

Summary It is possible for an authenticated user to send a specially-crafted request that forces Apache Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid...

9CVSS8.8AI score0.99301EPSS
Exploits7Affected Software1
Total number of security vulnerabilities35726