Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
IbmRecent
RecentMost viewed

35097 matches found

IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 11:48 p.m.•28 views

Security Bulletin: TSSC/IMC is vulnerable to a denial of service attack due to ncruses (CVE-2023-29491)

Summary TSSC/IMC is vulnerable to a denial of service attack due to ncruses CVE-2023-29491. A patch has been provided that updates the Dmidecode library. Vulnerability Details CVEID:CVE-2023-29491 DESCRIPTION: ncurses is vulnerable to a denial of service, caused by a memory corruption flaw when...

7.8CVSS8.2AI score0.00923EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 10:3 p.m.•42 views

Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)

Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions CVE-2024-0853. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details CVEID:CVE-2024-0853 DESCRIPTION:...

5.3CVSS5.4AI score0.01102EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 9:42 p.m.•32 views

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode (CVE-2023-30630)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Dmidecode library. CVE-2023-30630 Vulnerability Details CVEID:CVE-2023-30630 DESCRIPTION: Dmidecode could allow a local authetnicated attacker to bypass security restrictions,...

7.1CVSS7.2AI score0.00523EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 8:39 p.m.•30 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

7.5CVSS8AI score0.91969EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 8:32 p.m.•49 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details...

8.3CVSS10AI score0.0623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:49 p.m.•21 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34053)

Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability CVE-2023-34053 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

7.5CVSS6.7AI score0.0115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:41 p.m.•23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34053)

Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability CVE-2023-34053 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

7.5CVSS6.7AI score0.0115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:26 p.m.•23 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat [CVE-2024-24549]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Tomcat, caused by improper input validation by the HTTP/2 header CVE-2024-24549. Apache Tomcat is used by our Speech microservices. This vulnerabilitiy has been addressed. Please...

7.5CVSS6.8AI score0.23072EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:24 p.m.•24 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat [CVE-2023-52425]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat, caused by improper system resource allocation CVE-2023-52425. libexpat is included as a Base OS package used by our Speech Services. This vulnerabilitiy has been addressed...

7.5CVSS7.5AI score0.01815EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:22 p.m.•23 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Less [CVE-2022-48624]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Less, caused by a flaw with omitting shellquote calls for LESSCLOSE in the closealtfile function in filename.c CVE-2022-48624. Less is included as a Base OS package used by our...

7.8CVSS8.2AI score0.01059EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:20 p.m.•34 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes [CVE-2020-8565]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes, caused by a flaw when kube-apiserver is using logLevel = 9 CVE-2020-8565. Kubernetes is included in the Speech utilities used by our service. This vulnerabilitiy...

5.5CVSS5.4AI score0.00512EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:19 p.m.•34 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes [CVE-2019-11250]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Kubernetes, caused by storing credentials in the log by the client-go library CVE-2019-11250. Kubernetes is included in the Speech utilities used by our service. This...

6.5CVSS5.5AI score0.01766EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:17 p.m.•27 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework [CVE-2024-22259]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to phishing attacks in VMware Tanzu Spring Framework, caused by an open redirect vulnerability in UriComponentsBuilder CVE-2024-22259. VMware Tanzu Spring Framework is used in our Speech Microservices. This...

8.1CVSS7.5AI score0.02573EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:14 p.m.•33 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-4408]

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when parsing large DNS messages CVE-2023-4408. ISC BIND is included as a Base OS package used by our Service Runtimes. This vulnerabiliti...

7.5CVSS7.4AI score0.01327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:7 p.m.•50 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50387]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when processing responses coming from specially crafted DNSSEC-signed zones CVE-2023-50387. ISC BIND is included as a Base OS package used by our Service...

7.5CVSS7.7AI score0.99995EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:3 p.m.•27 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Amazon Ion [CVE-2024-21634]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Amazon Ion, caused by a stack-based overflow in ion-java for applications CVE-2024-21634. Amazon Ion is a package used in our Speech Microservices. This vulnerabilitiy has been addresse...

7.5CVSS7.4AI score0.0082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:1 p.m.•28 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND [CVE-2023-50868]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in ISC BIND, caused by an error when preparing an NSEC3 closest encloser proof. CVE-2023-50868. ISC BIND is included as a Base OS package used by our Service Runtimes. This vulnerabilitiy...

7.5CVSS7.5AI score0.82829EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 4:51 p.m.•92 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries in the latest available versions or previously released versions. Additionally, IBM...

9.1CVSS9.3AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 3:46 p.m.•39 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway (CVE-2023-50310, CVE-2023-50311)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM CICS Transaction Gateway. This bulletin identifies the steps to take to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-50310 DESCRIPTION: IBM CICS...

7.5CVSS5.3AI score0.0039EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 3:31 p.m.•45 views

Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities

Summary Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details...

8CVSS8.1AI score0.01858EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 3:15 p.m.•22 views

Security Bulletin: IBM i is vulnerable to a privilege escalation due to the ability to configure a physical file trigger in Db2 for IBM i. [CVE-2024-27275]

Summary IBM i is vulnerable to a privilege escalation due to a user without privilege being able to configure a physical file trigger in Db2 for IBM i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...

7.8CVSS7.5AI score0.00155EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 2:20 p.m.•28 views

Security Bulletin: HTTP request smuggling vulnerability in IBM Business Automation Workflow Machine Learning Server CVE-2024-1135

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 23.0.2-IF003 addresses the following vulnerability CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling,...

7.5CVSS7.2AI score0.02996EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 9:12 a.m.•42 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2020-11022)

Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

6.9CVSS6.8AI score0.99019EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 9:9 a.m.•34 views

Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM TXSeries for Multiplatforms is vulnerable to a Denial of Service.

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM TXSeries for Multiplatforms. The version of IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable...

7.5CVSS6.9AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 9:8 a.m.•45 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2019-11358)

Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to...

6.1CVSS6.7AI score0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 8:52 a.m.•38 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2020-11023)

Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

6.9CVSS6.5AI score0.8383EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 8:46 a.m.•35 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2019-11358)

Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-23064 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

6.1CVSS6.4AI score0.87218EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 8:44 a.m.•31 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2022-26336)

Summary Used by IBM Decision Optimization for IBM Cloud Pak for Data, Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details...

5.5CVSS6.3AI score0.01484EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 7:43 a.m.•58 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses Kafka - 3.0.2 which is vulnerable to CVE-2024-27309.

Summary Security Bulletin: IBM Maximo Application Suite - IoT Component uses Kafka - 3.0.2 which is vulnerable to CVE-2024-27309. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-27309 DESCRIPTION: Apache Kafka is vulnerable to a...

7.4CVSS7.3AI score0.01115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:49 a.m.•31 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2024-20952, CVE-2024-20918,CVE-2024-20921, CVE-2023-33850)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. CVE-2024-20952,...

7.5CVSS7.1AI score0.00911EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 6:47 a.m.•34 views

Security Bulletin: IBM Watson Explorer affected by vulnerability in Apache ZooKeeper.(CVE-2024-23944)

Summary IBM Watson Explorer Foundational Components contains a vulnerable version of Apache ZooKeeper.CVE-2024-23944 Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent...

5.3CVSS7.2AI score0.00244EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/20 12:38 a.m.•48 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.8CVSS10AI score0.04903EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/19 8:47 p.m.•53 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server is vulnerable to identity spoofing. Vulnerability Details CVEID:CVE-2024-37532 DESCRIPTION: IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. CVSS Base score: 8.8 CVSS Tempora...

8.8CVSS8.3AI score0.00353EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/19 5:53 p.m.•61 views

Security Bulletin: Vulnerabilities in Linux components affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in libssh, nginx and nghttp2 affect IBM Storage Virtualize products and could cause denial of service and bypassing of authentication. CVE-2023-44487, CVE-2023-1667, CVE-2023-2283. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a...

7.5CVSS8.3AI score0.99999EPSS
Exploits21Affected Software13
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/19 3:29 p.m.•41 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Apache Tomcat is vulnerable to a denial of servic...

7.5CVSS7.4AI score0.23072EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/19 3:28 p.m.•40 views

Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. Vulnerability Details...

7.5CVSS6.9AI score0.01026EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/19 10:43 a.m.•26 views

Security Bulletin: A vulnerability in Transparent Cloud Tiering affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in netty-codec-http affects the Transparent Cloud Tiering function in IBM Storage Virtualize products. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the lsvolumebackup CLI command - if there is no output, then this feature is not...

5.3CVSS6.1AI score0.0138EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/19 10:34 a.m.•36 views

Security Bulletin: Vulnerabilities in Transparent Cloud Tiering affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in netty-codec-http2 and commons-compress affect the Transparent Cloud Tiering function in IBM Storage Virtualize products. CVE-2023-44487, CVE-2024-25710, CVE-2024-26308. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the...

8.1CVSS8AI score0.99999EPSS
Exploits19Affected Software10
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/19 10:32 a.m.•25 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues due to Apache Commons Configuration and Fasterxml jackson-databind

Summary There are vulnerabilities in Apache Commons Configuration and Fasterxml jackson-databind used by Install Agent, Integrated File Agent and Integrated Web Services in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the...

7.3CVSS7.5AI score0.02054EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/18 10:3 p.m.•48 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json. The flaws can lead to server-side request forgery, bypass of security...

9.8CVSS10AI score0.78483EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/18 8:51 p.m.•28 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery, bypass of security restrictions, denial of service, and arbitrary...

9.8CVSS9.2AI score0.78483EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/18 8:3 p.m.•51 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...

9.8CVSS7.6AI score0.02918EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/18 2:2 p.m.•56 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details CVEID:CVE-2018-1000134 DESCRIPTION: Ping Identity UnboundID LDAP SDK could allow a remote attacker to...

9.8CVSS9.2AI score0.91896EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/18 2:1 p.m.•58 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a fl...

9.8CVSS10AI score0.99931EPSS
Exploits51Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/17 8:14 p.m.•47 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

8.2CVSS9.5AI score0.02573EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/17 8:13 p.m.•12 views

Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks (CVE-2023-47726)

Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard input. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...

8.8CVSS7.6AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/17 7:37 p.m.•37 views

Security Bulletin: A remote execution vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. A remote execution of arbitrary commands vulnerability affecting Node.js has been published in this security bulletin. This bulletin...

8.1CVSS7.5AI score0.01387EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/17 3:53 p.m.•11 views

Security Bulletin: IBM Sterling B2B Integrator - The Document Service Container in IBM Sterling B2B Integrator is vulnerable to denial of service due to jackson-core (256137)

Summary The Document Service Container in IBM Sterling B2B Integrator is vulnerable to a denial of service due to jackson-core 256137. IBM Sterling B2B Integrator has addressed the vulnerabilty in the Remediation/Fixes section of this bulletin. Vulnerability Details IBM X-Force ID: 256137...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/17 3:46 p.m.•30 views

Security Bulletin: A vulnerability in Apache Xerces C++ XML parser may affect IBM Storage Protect HSM for Windows

Summary IBM Storage Protect HSM for Windows can be affected by a security flaw in Apache Xerces C++ XML parser. The flaw can lead to arbitrary code execution, as described in the "Vulnerability Details" section. CVE-2024-23807. Vulnerability Details CVEID:CVE-2024-23807 DESCRIPTION: Apache Xerces...

9.8CVSS8.4AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins•added 2024/06/17 2:48 p.m.•31 views

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities.

Summary IBM DevOps Release 7.0.0.2 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2014-3643 DESCRIPTION: Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data by jersey SAX parser. By sending ...

9.8CVSS9.1AI score0.95707EPSS
Exploits20Affected Software1
Total number of security vulnerabilities35097