Lucene search
K

35726 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 5:47 p.m.•19 views

Security Bulletin: Vulnerability in Eclipse Jetty affects watsonx.data

Summary In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a vulnerability that could prevent properly cleaning up the active connections and associated resources. This can lead to a Denial of Service condition in watsonx.data where...

7.5CVSS7.3AI score0.0227EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 5:44 p.m.•26 views

Security Bulletin: Vulnerabilities in snappy-java affect watsonx.data

Summary Snappy-java is vulnerable to denial of service attacks cause by integer overflows and unchecked chunk lengths. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by an integer overflow in the...

7.5CVSS7.8AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 5:42 p.m.•26 views

Security Bulletin: Vulnerabilities in snappy-java affect watsonx.data

Summary Snappy-java is vulnerable to a denial of service, caused by either an integer overflow, use of an unchecked chunk length or missing upper bound check on chunk length. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34453 DESCRIPTION: snappy-java is vulnerable to a deni...

7.5CVSS7.8AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 4:45 p.m.•20 views

Security Bulletin: IBM MQ for HPE NonStop Server is vulnerable to a denial of service attack (CVE-2024-35116)

Summary IBM MQ for HPE NonStop Server has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-35116 DESCRIPTION: IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM...

7.5CVSS7.4AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 4:45 p.m.•20 views

Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2024-2511

Summary IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2024-2511 Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a...

5.9CVSS6.3AI score0.54026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 4:42 p.m.•26 views

Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-39338, CVE-2024-4068, CVE-2021-23727)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw...

7.5CVSS8.1AI score0.03877EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 4:32 p.m.•18 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a Denial of Service (CVE-2024-41818)

Summary There is a vulnerability in fast-xml-parser used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-41818 DESCRIPTION: Natural Intelligence fast-xml-parser is...

7.5CVSS7.4AI score0.00828EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 4:25 p.m.•8 views

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.

Summary IBM DB2 is shipped with IBM License Metric Tool. Information about a security vulnerabilities affecting IBM DB2 has been published in a separated security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 4:24 p.m.•43 views

Security Bulletin: IBM MQ Appliance vulnerable to bypassing security restrictions (CVE-2024-40681)

Summary IBM MQ Appliance has addressed a security bypass vulnerablity. Vulnerability Details CVEID:CVE-2024-40681 DESCRIPTION: IBM MQ could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. CVSS Base score: 7...

8.8CVSS7.5AI score0.00484EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 4:23 p.m.•55 views

Security Bulletin: IBM MQ Appliance is vulnerable to exposure of sensitive information (CVE-2023-5981 and CVE-2024-0533)

Summary IBM MQ Appliance has addressed GNU GnuTLS exposure of sensitive information vulnerabilities. Vulnerability Details CVEID:CVE-2023-5981 DESCRIPTION: GNU GnuTLS could allow a remote attacker to obtain sensitive information, caused by a timing sidechannel issue during RSA-PSK key exchange. B...

8.3CVSS6.6AI score0.01731EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 10:4 a.m.•19 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat (CVE-2024-34750)

Summary IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat CVE-2024-34750. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, cause...

7.5CVSS7.4AI score0.04602EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/05 5:41 a.m.•15 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2023-50315)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

5.9CVSS5.4AI score0.00268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 10:28 p.m.•33 views

Security Bulletin: Vulnerabilities in PostgreSQL affect watsonx.data

Summary For CVE-2012-1618, when a user-provided input for JDBC statement parameters is not properly escaped, remote attackers can perform injection attacks which can affect watsonx.data. For CVE-2020-13692, the PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive...

8CVSS8.1AI score0.04094EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 10:20 p.m.•22 views

Security Bulletin: Vulnerability in Netty affects watsonx.data

Summary Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. B...

7.5CVSS8.2AI score0.01466EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 10:12 p.m.•23 views

Security Bulletin: Vulnerability in Apache Derby affects watsonx.data

Summary Apache Derby could allow a remote attacker to bypass security restrictions to view and corrupt sensitive data and run sensitive database functions and procedures. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attack...

9.8CVSS9.3AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 5:20 p.m.•20 views

Security Bulletin: IBM Aspera Faspex 5 has addressed multiple vulnerabilities (CVE-2024-45097, CVE-2024-45096, CVE-2024-45098)

Summary This Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Aspera Faspex 5.0.10 Vulnerability Details CVEID:CVE-2024-45097 DESCRIPTION: IBM Aspera Faspex could allow a user to bypass intended access restrictions and conduct resource modification. CVSS Base...

8.1CVSS6.7AI score0.00369EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 3:29 p.m.•37 views

Security Bulletin: Multiple vulnerabilities affect Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-22201, CVE-2023-51775)

Summary Apache Solr is used by IBM Operations Analytics - Log Analysis as Indexing Engine server is vulnerable to denial of service. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw when an HTTP/2 connection gets TCP...

7.5CVSS6.9AI score0.01433EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 3:22 p.m.•38 views

Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)

Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute...

7.3CVSS7.5AI score0.02054EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 3:16 p.m.•45 views

Security Bulletin: ThreeTen Backport vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-23081,CVE-2024-23082)

Summary There is a potential denial of service vulnerability in ThreeTen Backport that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-23082 DESCRIPTION: ThreeTen Backport is vulnerable to a denial of service, caused by an integer overflow in...

3.3CVSS8.4AI score0.00269EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 2:44 p.m.•23 views

Security Bulletin: IBM Aspera Shares is vulnerable to multiple medium and low vulnerabilities (CVE-2023-2650, CVE-2018-25032, CVE-2021-3712, CVE-2021-4160, CVE-2023-0466, CVE-2023-0465)

Summary This Security Bulletin addresses multiple medium and low severity vulnerabilities that have been remediated in IBM Aspera Shares 1.10.0 PL4. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJobj2txt directly...

7.5CVSS8.2AI score0.73461EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 2:41 p.m.•29 views

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT / Open JDK Version 17, OpenJ9 used by DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21131 DESCRIPTION: An unspecified...

4.8CVSS5.8AI score0.01056EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 2:41 p.m.•56 views

Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)

Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: The...

7.5CVSS7.2AI score0.011EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/04 4:37 a.m.•27 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer (CVE-2024-22354)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE CVE-2024-22354. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...

7CVSS7.1AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 10:46 p.m.•31 views

Security Bulletin: vulnerability in OpenSSL affects IBM Workload Scheduler.

Summary IBM Workload Scheduler is affected by a vulnerability in OpenSSL that can cause denial of service CVE-2023-6237 Vulnerability Details CVEID:CVE-2023-6237 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVPPKEYpublicchec...

5.9CVSS6.1AI score0.02303EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 10:45 p.m.•30 views

Security Bulletin: vulnerabilities in Apache Commons Compress affect IBM Workload Scheduler.

Summary IBM Workload Scheduler is affected by multiple vulnerabilities in Apache Commons Compress that can cause denial of service CVE-2024-25710, CVE-2024-26308 Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an...

8.1CVSS6.9AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 10:45 p.m.•17 views

Security Bulletin: IBM Workload Scheduler is affected by vulnerability found in glibc

Summary IBM Workload Scheduler is affected by vulnerability found in glibc that can cause Denial of Service CVE-2024-33601. Vulnerability Details CVEID:CVE-2024-33601 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a memory allocation failure when the Name Service Cache Daemon'...

7.3CVSS7.6AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 9:6 p.m.•26 views

Security Bulletin: Vunerablities in Netty affect watsonx.data

Summary Netty is vulnerable to denial of service attacks. For CVE-2021-37136, the Netty Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size used during decompression. A malicious input can trigger an Out Of...

7.5CVSS8.2AI score0.0628EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 9:4 p.m.•23 views

Security Bulletin: Vulnerability in FasterXML jackson-binary affects watsonx.data

Summary FasterXML jackson-dataformats-binary is vulnerable to a denial of service, caused by an unchecked allocation of byte buffer flaw. This could cause a java.lang.OutOfMemoryError exception in watsonx.data. Vulnerability Details CVEID:CVE-2020-28491 DESCRIPTION: FasterXML...

7.5CVSS7.4AI score0.03074EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 9:2 p.m.•19 views

Security Bulletin: Vulnerabilities in Elasticsearch affect watsonx.data

Summary Elasticsearch is vulnerable to local authenticated attacks to obtain sensitive information and denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-31417 DESCRIPTION: Elasticsearch could allow a local authenticated attacker to obtain sensitive...

7.5CVSS6.9AI score0.60679EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:58 p.m.•18 views

Security Bulletin: Vulnerability in Google Gson affects watsonx.data

Summary Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: Google Gson is vulnerable to a denial of service, caused by the deserialization of untrusted data. By...

7.7CVSS7.5AI score0.1158EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:55 p.m.•21 views

Security Bulletin: Vulnerability in Apache Commons Compress affects watsonx.data

Summary Apache Commons Compress is vulnerable to a denial of service. For CVE-2021-35515, when reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. For CVE-2021-35516, when reading a specially crafted 7Z archive,...

7.5CVSS7.8AI score0.12697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:53 p.m.•28 views

Security Bulletin: Vulnerability in Cryptography package affects watsonx.data

Summary The Cryptography package is vulnerable to a denial of service, caused by a NULL pointer dereference in the pkcs12.serializekeyandcertificates process. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2024-26130 DESCRIPTION: cryptography is vulnerable to a denial of service,...

7.5CVSS7.4AI score0.00831EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:51 p.m.•28 views

Security Bulletin: Vulnerability in Apache Tomcat affects watsonx.data

Summary Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when a response did not have any HTTP headers set. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain...

7.5CVSS7.4AI score0.01116EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:49 p.m.•11 views

Security Bulletin: Vulnerability in Apache Commons Compress affects watsonx.data

Summary Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error when allocating large amounts of memory. For CVE-2021-35517, when reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out o...

7.5CVSS7.8AI score0.13292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:48 p.m.•30 views

Security Bulletin: Vulnerabilities in Netty affect watsonx.data

Summary Netty is vulnerable to denial of service attacks and remote attack via restrictions bypass. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2015-2156 DESCRIPTION: Netty could allow a remote attacker to bypass restrictions, caused by the improper validation of characters in ...

7.8CVSS8.5AI score0.25448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:45 p.m.•25 views

Security Bulletin: Vulnerability in Eclipse Jetty affect watsonx.data

Summary Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a...

7.8CVSS7.3AI score0.53861EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:44 p.m.•16 views

Security Bulletin: Vulnerability in SnakeYaml affects watsonx.data

Summary SnakeYaml's Constructor class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml coul...

9.8CVSS9.5AI score0.99615EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:26 p.m.•40 views

Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data

Summary Golang Go has multiple vulnerabilities that include HTTP request smuggling, remote attacks to obtain sensitive information, denial of service, and unspecified errors with return an incorrect results. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION:...

6.5CVSS7.8AI score0.05623EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:24 p.m.•21 views

Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data

Summary Golang Go has multiple vulnerabilities that include HTTP injection, remote attacks to conduct query parameter smuggling, remote attackd to bypass security restrictions, and denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-32189 DESCRIPTION:...

7.5CVSS8.9AI score0.04561EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:23 p.m.•24 views

Security Bulletin: Vulnerabilities in Golang Go affect watsonx.data

Summary Golang Go has two denial of service vulnerabilities. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in net/http. By sending a specially-crafted request, a remote attacker could exploit...

7.5CVSS7.6AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:20 p.m.•21 views

Security Bulletin: Vulnerability in Golang Go affects watsonx.data

Summary Golang Go could allow a remote attacker to observe TLS handshakes information to correlate successive connections due to an issue with session tickets generated by crypto/tls. This may affect wastonx.data. Vulnerability Details CVEID:CVE-2022-30629 DESCRIPTION: Golang Go could allow a...

3.1CVSS6AI score0.0088EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:19 p.m.•21 views

Security Bulletin: Vulnerability in Golang Go affects watsonx.data

Summary Golang Go is vulnerable to a denial of service cause by improper input validation by the golang.org/x/text/language package. This may affect watsonx.data. Vulnerability Details CVEID:CVE-2022-32149 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input...

7.5CVSS7.4AI score0.01428EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:11 p.m.•27 views

Security Bulletin: Vulnerability in Go affects watsonx.data

Summary GoLang Go is vulnerable to denial of service attacks and HTML injection which may affect watsonx.data. Vulnerability Details CVEID:CVE-2023-24537 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an infinite loop due to integer overflow when calling any of the Parse...

7.5CVSS8.6AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:8 p.m.•31 views

Security Bulletin: Vulnerability in Kubernetes affects watsonx.data

Summary If log level of kubernetes is set to at least 9, authorization and bearer tokens will be written to log files causing information to leak. In watsonx.data, one must have access to the OCP cluster, and set the log level to 9 to see this issue. Vulnerability Details CVEID:CVE-2020-8565...

6.5CVSS5.7AI score0.01766EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 8:5 p.m.•30 views

Security Bulletin: Vulnerabilities in Netty affect watsonx.data

Summary Netty is vulnerable to HTTP request smuggling, to remote attacks causing weaker than expected security, and to denial of service attacks. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2019-16869 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw...

9.1CVSS8.5AI score0.13474EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 7:51 p.m.•27 views

Security Bulletin: IBM Security QRadar EDR Software has weaker than expected security due to an included component (CVE-2024-39689)

Summary IBM Security QRadar EDR Software includes a vulnerable component e.g., framework library that could be identified and exploited with automated tools. This has been addressed in an update. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker...

7.5CVSS7.2AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 2:18 p.m.•51 views

Security Bulletin: IBM DataPower Gateway vulnerable to data truncation and DoS in Kerberos (CVE-2024-37370 & CVE-2024-37371)

Summary Kerberos is used by IBM DataPower Gateway as an optional authentication mechanism. Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT Kerberos 5 aka krb5 could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially craft...

9.1CVSS8.5AI score0.01863EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 2:18 p.m.•34 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to Node.js micromatch module (CVE-2024-4067)

Summary IBM DataPower Gateway uses the micromatch module in its UI. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in micromatch.braces in index.js. By sending a...

5.3CVSS6.1AI score0.01429EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 11:18 a.m.•33 views

Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to Node.js Braces module (CVE-2024-4068)

Summary The Braces module is used by IBM DataPower Gateway in its UI Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: Node.js braces module is vulnerable to a denial of service, caused by the failure to limit the number of characters it can handle. leading to a memory exhaustion in...

7.5CVSS7.3AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/09/03 11:9 a.m.•13 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Dojo version 1.16.2

Summary A vulnerability has been identified in Dojo version 1.16.2 Prototype Pollution, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2020-5258 DESCRIPTION: Do...

7.7CVSS8.9AI score0.0399EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35726