Lucene search
K

35726 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/08/15 8:1 p.m.15 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2024-35153

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

4.8CVSS5AI score0.00362EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/15 6:23 p.m.25 views

Security Bulletin: Vulnerability in Netplex JSON Smart affects watsonx.data

Summary netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the nesting of arrays or objects. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2023-1370 DESCRIPTION: netplex json-smart-v2 is vulnerable to a denial of service, caused by not limiting the...

7.5CVSS8.3AI score0.01119EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/15 4:26 p.m.28 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module ws (CVE-2024-37890)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js module ws. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused by a NU...

7.5CVSS7.3AI score0.01357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/15 3:40 p.m.38 views

Security Bulletin: Several Security Vulnerabilities were discovered in IBM Security Directory Suite. (CVE-2023-24998, CVE-2023-28867, CVE-2023-0482)

Summary Several vulnerabilities were addressed in WebSphere Application Server Liberty components shipped with the IBM Security Directory Suite Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit t...

7.5CVSS7.8AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/15 3:36 p.m.36 views

Security Bulletin: Several Security Vulnerabilities have been addressed in IBM Security Directory Suite. (CVE-2022-21426, CVE-2023-21830, CVE-2023-21843)

Summary Mulitiple Security Vulnerabilities have been discovered in the Java SE component as shipped with IBM Security Directory Suite. These have been addressed in an update. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP...

5.3CVSS5.2AI score0.03203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 8:11 p.m.59 views

Security Bulletin: IBM Planning Analytics is affected by vulnerabilities in IBM Java and IBM Websphere Application Server Liberty

Summary There are vulnerabilities in IBM® Java™ Version 8 and IBM WebSphere Application Server Liberty used by both IBM Planning Analytics and IBM Planning Analytics Workspace. With respect to IBM Planning Analytics, applicable CVEs have been addressed by upgrading to non-vulnerable versions of...

7.5CVSS9.2AI score0.01316EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 4:33 p.m.37 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to an information disclosure (CVE-2023-50315)

Summary IBM WebSphere Application Server is vulnerable to an information disclosure. Vulnerability Details CVEID:CVE-2023-50315 DESCRIPTION: IBM WebSphere Application Server could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerabilit...

5.9CVSS5.1AI score0.00268EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 3:53 p.m.27 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure (CVE-2023-50314)

Summary IBM WebSphere Application Server Liberty is vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this...

7.5CVSS6AI score0.00254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 3:42 p.m.19 views

Security Bulletin: Vulnerability in CRI-O affects watsonx.data

Summary CRI-O could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by an arbitrary systemd property injection. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-3154 DESCRIPTION: CRI-O could allow a remote authenticated attacker to...

7.2CVSS7.7AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 3:41 p.m.29 views

Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects watsonx.data

Summary VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct...

8.1CVSS7.7AI score0.01191EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 3:40 p.m.42 views

Security Bulletin: Vulnerabilities in jackson-databind affect watsonx.data

Summary FasterXML jackson-databind has multiple vulnerabilities including the possibility of remote attackers executing arbitrary code on the system. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2018-12022 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to...

8.8CVSS9.1AI score0.21949EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 3:38 p.m.21 views

Security Bulletin: Vulnerability in Apache Calcite Avatica affects watsonx.data

Summary Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via httpclientimpl connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via...

8.8CVSS9.2AI score0.02276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 3:36 p.m.43 views

Security Bulletin: Vulnerability in jackson-databind affects watsonx.data

Summary FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception and other causes Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By...

7.5CVSS7.6AI score0.17611EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 2:18 p.m.49 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Application Server Liberty due to July 2024 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.4CVSS6.7AI score0.01136EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 2:13 p.m.32 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2024 Critical Patch Update, plus CVE-2024-27267. For more information please refer to Oracle's July 2024 CPU Advisory and the X-Force database entries referenced...

7.4CVSS6.2AI score0.01257EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 1:9 p.m.16 views

Security Bulletin: PyMySQL allows SQL injection [CVE-2024-36039]

Summary PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escapedict. Vulnerability Details CVEID:CVE-2024-36039 DESCRIPTION: PyMySQL is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which cou...

6.3CVSS7.1AI score0.00691EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 9:50 a.m.29 views

Security Bulletin: Pillow versions have a Denial of Service vulnerability due to uncontrolled memory allocation in ImageFont's

Summary An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance...

8.1CVSS9.3AI score0.01703EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 9:31 a.m.72 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

10CVSS9.5AI score0.08279EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/14 9:0 a.m.23 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary IBM SDK, Java Technology Edition is vulnerable to CVE-2023-38264. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Engineering Lifecycle Optimization - Publishing, Global...

7.5CVSS5.8AI score0.00848EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 9:14 p.m.24 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when querying certain tables using a specially crafted statement (CVE-2024-35152)

Summary IBM® Db2® is vulnerable to a denial of service when querying certain tables using a specially crafted statement. Vulnerability Details CVEID:CVE-2024-35152 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of...

6.5CVSS6.5AI score0.00566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 9:11 p.m.16 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment (CVE-2024-31882)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on columnar tables in a database partitioned environment. Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is...

6.5CVSS6.2AI score0.00553EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 6:12 p.m.42 views

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime

Summary This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their July 2024 Vulnerability Advisory. For more information please refer to OpenJDK's July 2024 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability...

4.8CVSS5.5AI score0.01056EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 4:22 p.m.28 views

Security Bulletin: IBM OpenPages may write sensitive information with System tracing enabled (CVE-2024-35117)

Summary IBM OpenPages may write sensitive data to server log files when the 'UI API' tracing is enabled per the System Tracing feature. Vulnerability Details CVEID:CVE-2024-35117 DESCRIPTION: IBM OpenPages may write sensitive information, under specific configurations, in clear text to the system...

4.4CVSS6.6AI score0.00207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/13 6:16 a.m.64 views

Security Bulletin: Moment.js issue of validating, manipulating, and formatting dates

Summary Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale...

7.5CVSS7.6AI score0.05664EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 10:17 p.m.32 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary There are vulnerabilities in IBM Websphere Application Liberty and Open-Source Software OSS components consumed by IBM Cognos Dashboards on Cloud Pak which have been resolved by upgrading or removing the vulnerable libraries. Please refer to the Related Information section below for...

9.8CVSS10AI score0.8496EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 10:4 p.m.59 views

Security Bulletin: AIX is affected by information disclosure (CVE-2023-45803) and arbitrary code execution (CVE-2024-6345) due to Python

Summary Vulnerabilities in Python could allow a remote attacker to obtain sensitive information CVE-2023-45803 or execute arbitrary code CVE-2024-6345. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2023-45803 DESCRIPTION: urllib3 could allow ...

8.8CVSS7.9AI score0.01939EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 7:34 p.m.29 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Liberty Profile affects IBM Robotic Process Automation and may result in a denial of service ( CVE-2024-25026, CVE-2024-27268)

Summary Multiple vulnerabilities in IBM WebSphere Liberty Profile affects IBM Robotic Process Automation and may result in a denial of service. IBM WebSphere Liberty is used by IBM Robotic Process Automation for as part of Abbyy and Antivirus containers and UMS. This bulletin identifies the...

7.5CVSS6.5AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 2:48 p.m.16 views

Security Bulletin: IBM QRadar Suite software is vulnerable to invalid session timeout

Summary IBM QRadar Suite software is vulnerable to invalid session timeout. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

4.7CVSS4.9AI score0.00285EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 11:9 a.m.21 views

Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a vulnerability in its dependencies

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to Unix File Parameter Alteration Vulnerability Details CVEID:CVE-2020-3452 DESCRIPTION: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software could allow a remote...

7.5CVSS7.4AI score0.99992EPSS
Exploits24Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 10:6 a.m.13 views

Security Bulletin: IBM Maximo Application Suite uses ansible-operator 7.11.6 which is vulnerable to CVE-2024-0690.

Summary IBM Maximo Application Suite uses ansible-operator 7.11.6 which is vulnerable to CVE-2024-0690. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-0690 DESCRIPTION: Red Hat Ansible could allow a local authenticated attacker...

5.5CVSS5.1AI score0.00301EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 8:30 a.m.24 views

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 24.0.0.4 which is vulnerable to CVE-2023-50312 and CVE-2024-25026

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 24.0.0.4 which is vulnerable to CVE-2023-50312 and CVE-2024-25026. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphe...

7.5CVSS6.3AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 8:30 a.m.27 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses bcprov-jdk15on-1.70.jar which is vulnerable to CVE-2024-30172

Summary IBM Maximo Application Suite - IoT Component uses bcprov-jdk15on-1.70.jar which is vulnerable to CVE-2024-30172. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Jav...

7.5CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 8:29 a.m.24 views

Security Bulletin: IBM Maximo Application Suite uses Flask_Cors-4.0.0-py2.py3-none-any.whl which is vulnerable to CVE-2024-1681

Summary IBM Maximo Application Suite uses FlaskCors-4.0.0-py2.py3-none-any.whl which is vulnerable to CVE-2024-1681. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-1681 DESCRIPTION: Flask-CORS could allow a remote attacker to...

5.3CVSS5.8AI score0.00574EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 6:56 a.m.20 views

Security Bulletin: Apache commons-fileupload vulnerability (CVE-2023-24998)

Summary Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option...

7.5CVSS7.6AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 4:28 a.m.37 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Liberty impact IBM License Key Server Administration and Reporting Tool and IBM LKS Administration Agent.

Summary Multiple vulnerabilities in IBM WebSphere Liberty impact IBM License Key Server Administration and Reporting Tool and IBM LKS Administration Agent. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Libert...

7.5CVSS6.8AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 4:26 a.m.39 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and its Agent

Summary Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...

7.5CVSS5.1AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 4:25 a.m.18 views

Security Bulletin: IBM Common Licensing is vulnerable to stored cross-site scripting in IBM LKS Administration Reporting Tool and its Agent.

Summary IBM LKS Administration Reporting Tool and its Agent are vulnerable to stored cross-site scripting. This has been addressed in the remediation section Vulnerability Details CVEID:CVE-2024-41774 DESCRIPTION: IBM Common Licensing is vulnerable to stored cross-site scripting. This vulnerabili...

4.8CVSS4.9AI score0.00246EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/12 4:23 a.m.17 views

Security Bulletin: IBM Common Licensing is affected by a Weak Password Policy vulnerability (CVE-2024-40697)

Summary IBM LKS Administration and Reporting Tool and Administration Agent does not require that users should have passwords of defined length by default, which makes it easier for attackers to compromise user accounts. This has been addressed in remediation section. Vulnerability Details...

7.5CVSS7.4AI score0.00489EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/11 8:40 p.m.32 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.7 and earlier. These issues were disclosed in an IBM® Db2® Security Bulletin in July 2023. Vulnerability Details CVEID:CVE-2023-30447 DESCRIPTION: IBM Db2 for Linux, UNIX and Windo...

8.8CVSS8.9AI score0.01378EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/10 3:11 a.m.56 views

Security Bulletin: IBM Data Virtualization on Cloud Pak for Data is vulnerable to OpenSSH vulnerability CVE-2024-6387

Summary IBM Data Virtualization on Cloud Pak for Data embeds a variant of the IBM Db2 database server that runs in MPP mode. For MPP functionality such as scale-out, internally the server uses the secure shell SSH protocol for inter-pod communication. SSH protocol is not exposed to external users...

8.1CVSS8.6AI score0.99506EPSS
Exploits68Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 4:11 p.m.15 views

Security Bulletin: IBM Master Data Management vulnerable to remote code execution from vulnerability in IBM WebSphere Application Server (CVE-2024-35154)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. IBM WebSphere Application Server 8.5 and 9.0 could allow a remote authenticated attacker, who has authorized access to the administrative console, to execute arbitrary code. Usin...

7.2CVSS7.7AI score0.01163EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 11:54 a.m.28 views

Security Bulletin: Multiple Vulnerabilities in XCC affect IBM Cloud Pak System

Summary Multiple Vulnerabilities in XClarity Controller XCC affect IBM Cloud Pak System. XCC is used by Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2023-4607 DESCRIPTION: Lenovo XClarity Controller XCC could allow a remote...

8.8CVSS7.6AI score0.00569EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 11:21 a.m.19 views

Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to CVE-2024-27268 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is vulnerable to CVE-2024-27268. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application...

7.5CVSS6.6AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 11:20 a.m.21 views

Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to CVE-2024-22354 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is vulnerable to CVE-2024-22354. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application...

7CVSS7.3AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 11:19 a.m.31 views

Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to CVE-2023-51775 a denial of service due to jose4j

Summary IBM Maximo Application Suite - Monitor Component uses jose4j which is vulnerable to CVE-2023-51775. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by...

6.5CVSS6.6AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 11:19 a.m.19 views

Security Bulletin: Maximo Application Suite - IBM WebSphere Application Server Liberty is vulnerable to multiple CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is vulnerable to multiple CVEs. This bulletin identifies the steps to take to address the vulnerabilities. List of CVEs: CVE-2024-22353, CVE-2023-50312, CVE-2024-27270. Vulnerability Details...

7.5CVSS6.6AI score0.00818EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 10:5 a.m.27 views

Security Bulletin: There is a vulnerability in commons-compress-1.21.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-25710, CVE-2024-26308)

Summary There is a vulnerability in commons-compress-1.21.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading...

8.1CVSS6.5AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 10:3 a.m.26 views

Security Bulletin: There is a vulnerability in commons-compress-1.21.jar used by IBM Maximo Asset Management application (CVE-2024-25710, CVE-2024-26308)

Summary There is a vulnerability in commons-compress-1.21.jar used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a...

8.1CVSS6.6AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 5:50 a.m.26 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by Java JWT vulnerability

Summary IBM Sterling Connect:Direct Web Service is vulnerable to JJWT version 0.9.1. Connect:Direct Web Services has upgraded to version 0.12.5 to address CVE-2024-31033. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka...

6.8CVSS6.8AI score0.00776EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 4:51 a.m.19 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using the -Xgc:concurrentScavenge option on IBM Z is vulnerable to Buffer overflow in GC

Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Jazz...

7.3CVSS5.6AI score0.00207EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35726