Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
IbmRecent
RecentMost viewed

35068 matches found

IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 3:16 p.m.•25 views

Security Bulletin: Vulnerability in Pallets Werkzeug affects IBM Process Mining CVE-2024-34069

Summary There is a vulnerability in Pallets Werkzeug that could allow an attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-34069...

7.5CVSS8.2AI score0.4365EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 3:0 p.m.•16 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-37532)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

8.8CVSS8.5AI score0.00134EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 2:18 p.m.•21 views

Security Bulletin: IBM Master Data Management is vulnerable to identity spoofing caused by vulnerabilites in IBM WebSphere Application Server

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability to identity spoofing in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Vulnerability Details...

8.8CVSS8.4AI score0.00134EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:48 p.m.•27 views

Security Bulletin: An unspecified IBM SDK, Java Technology Edition vulnerability affects InfoSphere Data Replication

Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, no integrity impact,...

5.9CVSS5.7AI score0.00098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:47 p.m.•23 views

Security Bulletin: An unspecified IBM SDK, Java Technology Edition vulnerability affects InfoSphere Data Replication

Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CVSS Base score: 3.7...

3.7CVSS4.8AI score0.00141EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:46 p.m.•31 views

Security Bulletin: A vulnerability in github.com/containerd/containerd-v1.6.17 affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the github.com/containerd/containerd-v1.6.17 package has been addressed. Vulnerability Details CVEID:CVE-2023-25173 DESCRIPTION: containerd could allow a local authenticated attacker to bypass security restrictions, caused by improper setup for supplementary groups insi...

7.8CVSS6.6AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:46 p.m.•26 views

Security Bulletin: A vulnerability in urllib3 affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the urllib3 package has been addressed. Vulnerability Details CVEID:CVE-2021-33503 DESCRIPTION: urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw due to catastrophic backtracking. By sending a specially-crafted URL...

7.5CVSS7.5AI score0.00863EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:45 p.m.•24 views

Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the Go package has been addressed. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go has an unknown impact and attack vector. CVSS Base...

5.3CVSS7.1AI score0.00026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:45 p.m.•23 views

Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the Go package has been addressed. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote...

7.5CVSS8.4AI score0.0002EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:44 p.m.•25 views

Security Bulletin: A vulnerability in setuptools affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the setuptools package has been addressed. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regular expression, an remote attack...

5.9CVSS6.8AI score0.00513EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:43 p.m.•31 views

Security Bulletin: A vulnerability in urllib3 affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the urllib3 package has been addressed. Vulnerability Details CVEID:CVE-2019-11236 DESCRIPTION: Python urllib3 is vulnerable to CRLF injection, caused by improper validation of user-supplied input by the request parameter. By sending a specially-crafted HTTP response...

6.1CVSS6.8AI score0.00609EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:42 p.m.•20 views

Security Bulletin: A vulnerability in containerd affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the containerd package has been addressed. Vulnerability Details CVEID:CVE-2022-31030 DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local...

5.5CVSS5.7AI score0.00158EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:42 p.m.•22 views

Security Bulletin: A vulnerability in containerd affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the containerd package has been addressed. Vulnerability Details CVEID:CVE-2022-23471 DESCRIPTION: containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request, a remote authenticated attacker could...

6.5CVSS6.2AI score0.00259EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:41 p.m.•32 views

Security Bulletin: A vulnerability in Go affects Data Replication on Cloud Pak for Data

Summary A vulnerability in the package Go has been addressed. Vulnerability Details CVEID:CVE-2022-41725 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when perform multipart form parsing with mime/multipart.Reader.ReadForm. By sending a specially-crafted request, a...

7.5CVSS8.4AI score0.00065EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 12:40 p.m.•18 views

Security Bulletin: InfoSphere Data Replication is affected by a guava package vulnerbility (CVE-2023-2976)

Summary InfoSphere Data Replication uses the guava package. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw wit...

7.1CVSS6AI score0.00065EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/28 8:15 a.m.•29 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser may affect IBM Storage Protect for Space Management

Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery,, denial of service, and arbitrary code execution, as described in the "Vulnerability...

9.8CVSS7.5AI score0.00499EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 10:37 p.m.•42 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary There are vulnerabilities in IBM® Java™ Version 8 and IBM WebSphere Application Server Liberty used by IBM Cognos Analytics. IBM Cognos Analytics has addressed these vulnerabilities by upgrading IBM® Java™ and IBM WebSphere Application Server Liberty. There are vulnerabilities in...

7.5CVSS10AI score0.03173EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 10:33 p.m.•28 views

Security Bulletin: IBM Cognos Analytics has addressed security vulnerabilities in JupyterHub, R Programming Language and Apache MINA (CVE-2024-28233, CVE-2024-27322, CVE-2019-0231, CVE-2021-41973)

Summary IBM Cognos Analytics is vulnerable to a cross-site scripting vulnerability XSS in JupyterHub and remote code execution RCE vulnerability in R Programming Language which is used by Jupyter Notebook. IBM Cognos Analytics has addressed a Denial of Service DOS vulnerability and an Information...

8.8CVSS9AI score0.04526EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 7:55 p.m.•42 views

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server and Java which is included as part of IBM Tivoli Monitoring ITM portal server. have been remediated. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSpher...

7.5CVSS8.4AI score0.04473EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 6:34 p.m.•57 views

Security Bulletin: IBM Security Guardium is affected by an Improper Restriction of Excessive Authentication Attempts vulnerability (CVE-2022-43904)

Summary IBM Security Guardium has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-43904 DESCRIPTION: IBM Security Guardium could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. CVSS Base score: 7.5 CVSS Temporal...

7.5CVSS7.4AI score0.00078EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 3:24 p.m.•21 views

Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure

Summary IBM QRadar Suite software is vulnerable to information exposure through cache data. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...

4CVSS4.2AI score0.00046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 1:14 p.m.•23 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for June 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side...

8.2CVSS8.1AI score0.75933EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 11:42 a.m.•22 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to identity spoofing. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Jazz for...

8.8CVSS8.5AI score0.00134EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 9:6 a.m.•44 views

Security Bulletin: Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool.

Summary IBM License Metric Tool is affected by Bouncy Castle Cryptography vulnerabilities. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verification code. By...

7.5CVSS7.2AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 9:5 a.m.•41 views

Security Bulletin: Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool.

Summary There are security vulnerabilities in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are...

7.5CVSS7.5AI score0.00383EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 8:34 a.m.•40 views

Security Bulletin: Vulnerabilities in Jinja, idna & cryptography can affect IBM Storage Protect Plus Microsoft File Systems Backup and Restore

Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Jinja, idna & cryptography which include cross-site scripting & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...

7.5CVSS7.7AI score0.0123EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 7:46 a.m.•41 views

Security Bulletin: IBM Instana Observability is vulnerable to SQL injection due to PostgreSQL driver and toolkit for Go, known as pgx.

Summary PostgreSQL driver and toolkit for Go, known as pgx is used by IBM Instana Observability Using third-party datastore Operators as part of the postgres operator CVE-2024-27304. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-2730...

9.8CVSS9.9AI score0.01875EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 6:52 a.m.•25 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is vulnerable to cross-site scripting in the administrative console (CVE-2024-35153).

Summary The security issue described in CVE-2024-35153 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

4.8CVSS5.2AI score0.00309EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 12:29 a.m.•35 views

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-35116)

Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See:...

7.5CVSS6.4AI score0.00261EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 12:28 a.m.•38 views

Security Bulletin: IBM MQ is affected by a vulnerability in Eclipse Jetty (CVE-2024-22201)

Summary An issue was found in Eclipse Jetty that is shipped with the IBM MQ Explorer. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP congested. By sending a specially crafted request, ...

7.5CVSS7.4AI score0.00559EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 12:28 a.m.•45 views

Security Bulletin: IBM MQ is affected by a vulnerability in the IBM Runtime Environment, Java Technology Edition (CVE-2024-21085)

Summary An issue was identified with IBM Runtime Environment, Java Technology Edition, Version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low...

3.7CVSS4.7AI score0.001EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 12:28 a.m.•49 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary Multiple issues were identified with IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...

7.5CVSS7.1AI score0.00383EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/27 12:27 a.m.•39 views

Security Bulletin: IBM MQ is vulnerable to a denial of service attack (CVE-2024-31919)

Summary IBM MQ has addressed a denial of service vulnerability caused by an error processing messages when an API Exit using MQBUFMH is used. Vulnerability Details CVEID:CVE-2024-31919 DESCRIPTION: IBM MQ, in certain configurations, is vulnerable to a denial of service attack caused by an error...

7.5CVSS6.5AI score0.00281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 10:30 p.m.•68 views

Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.

Summary IBM MQ Appliance has addressed multiple open source vulnerabilities CVE-2020-12762, CVE-2021-33631, CVE-2023-6931, CVE-2024-1086. Vulnerability Details CVEID:CVE-2020-12762 DESCRIPTION: json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer...

7.8CVSS8.6AI score0.84554EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 10:29 p.m.•34 views

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2024-2511)

Summary IBM MQ Appliance has addressed an OpenSSL denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...

5.9CVSS6.2AI score0.08833EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 10:29 p.m.•44 views

Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)

Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using...

6.1CVSS6.5AI score0.00154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 10:29 p.m.•41 views

Security Bulletin: IBM MQ Appliance is vulnerable to XML External Entity (XXE) injection and server-side request forgery (CVE-2024-22354 & CVE-2024-22329)

Summary IBM MQ Appliance has addressed XML External Entity XXE injection and server-side request forgery vulnerabilities. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are...

7CVSS6.3AI score0.00031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 10:28 p.m.•60 views

Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)

Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...

5.9CVSS6.5AI score0.51662EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 10:28 p.m.•33 views

Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack (CVE-2024-35116)

Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See:...

7.5CVSS6.4AI score0.00261EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 8:51 p.m.•26 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-37532

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

8.8CVSS8.5AI score0.00134EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 7:30 p.m.•55 views

Security Bulletin: IBM MQ is vulnerable to a privilege escalation attack (CVE-2024-31912)

Summary IBM MQ has addressed a privilege escalation vulnerability. Vulnerability Details CVEID:CVE-2024-31912 DESCRIPTION: IBM MQ could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. CVSS Base score: 7.5 CVSS Temporal...

8.8CVSS8.2AI score0.00235EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 7:29 p.m.•27 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-35155)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-35155 DESCRIPTION: IBM MQ Console could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the...

6.5CVSS6.5AI score0.00113EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 7:29 p.m.•42 views

Security Bulletin: IBM MQ is affected by a password disclosure vulnerability (CVE-2024-35156)

Summary IBM MQ has addressed a password disclosure vulnerability in the IBM MQ REST API. Vulnerability Details CVEID:CVE-2024-35156 DESCRIPTION: IBM MQ could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informatio...

6.5CVSS6.5AI score0.00096EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 4:24 p.m.•30 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section...

6.5CVSS6.1AI score0.00032EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 4:24 p.m.•28 views

Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section...

6.5CVSS6.1AI score0.00032EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 4:23 p.m.•40 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty and libcurl may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty and libcurl. The flaws can lead to weaker than expected security for outbound TLS connections and bypass of security restrictions, as described in the "Vulnerability...

6.5CVSS7.1AI score0.00213EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 4:22 p.m.•31 views

Security Bulletin: IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component ( CVE-2024-25710,CVE-2024-26308).

Summary IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component. Apache Flink uses Commons Compress for handling compressed files and formats, enabling efficient data processing and storage. Vulnerability Details CVEID:CVE-2024-25710...

8.1CVSS6.6AI score0.00392EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 3:4 p.m.•22 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

4.8CVSS5AI score0.00309EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 2:54 p.m.•23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to follow-redirects arbitrary phishing attack vulnerability ( CVE-2023-26159)

Summary Potential follow-redirects arbitrary phishing attack vulnerability CVE-2023-26159 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

7.3CVSS6.8AI score0.00101EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/26 2:53 p.m.•16 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting (CVE-2024-35153)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

4.8CVSS5AI score0.00309EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35068