Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
IbmRecent
RecentMost viewed

35077 matches found

IBM Security Bulletins
IBM Security Bulletinsadded 2024/06/03 11:45 a.m.26 views

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-22353

Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...

7.5CVSS6.7AI score0.00031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/06/03 11:37 a.m.20 views

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

4.3CVSS5.5AI score0.00031EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2024/06/03 11:34 a.m.13 views

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2023-50312

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

6.5CVSS5.9AI score0.00032EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2024/06/03 11:33 a.m.30 views

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-25026

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

7.5CVSS6.5AI score0.00021EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2024/06/03 11:32 a.m.12 views

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

4.3CVSS5.5AI score0.00031EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2024/06/03 11:31 a.m.52 views

Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501

Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage...

6.5CVSS6.1AI score0.01807EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2024/06/03 11:28 a.m.22 views

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-27268

Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...

7.5CVSS6.3AI score0.00191EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/06/03 11:27 a.m.29 views

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2023-51775

Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...

6.5CVSS6.7AI score0.00383EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/06/03 10:5 a.m.29 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.18 LTS and 11.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.1CVSS8.6AI score0.00751EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/06/03 9:18 a.m.42 views

Security Bulletin: IBM Sterling Transformation Extender is vulnerable to multiple issues due to IBM Java

Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote...

7.5CVSS7AI score0.00449EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/31 2:39 p.m.38 views

Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...

7.5CVSS6.2AI score0.00152EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/31 10:42 a.m.62 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...

7CVSS7.2AI score0.00663EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/31 6:13 a.m.34 views

Security Bulletin: IBM Observability with Instana for Synthetic PoP is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 274 Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially...

8.1CVSS7.6AI score0.00663EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 7:41 p.m.39 views

Security Bulletin: Multiple Security Vulnerabilities were discovered in IBM Security Verify Access Container (CVE-2024-35140, CVE-2024-35141, CVE-2024-35142)

Summary Vulneribities were discovered during an assessment of the IBM Security Verify Access Container Product. They were addressed in the ISVA 10.0.7 release. Vulnerability Details CVEID:CVE-2024-35142 DESCRIPTION: IBM Security Verify Access could allow a local user to escalate their privileges...

8.4CVSS7.8AI score0.00064EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 6:56 p.m.14 views

Security Bulletin: IBM Sterling Order Management using IBM WebSphere Application Server Liberty is vulnerable to a denial of service attack.

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service attack caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: I...

7.5CVSS6.5AI score0.00058EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 6:50 p.m.30 views

Security Bulletin: Denial of service vulnerabilities in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Multiple denial of service attacks affecting Node.js have been published in this security bulletin. This bulletin identifies the steps ...

7.8CVSS7.8AI score0.03331EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 6:49 p.m.35 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition (CVE-2024-27982, CVE-2024-27983)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. This bulletin identifies the...

8.2CVSS6.8AI score0.75933EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 5:34 p.m.18 views

Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access OpenID Connect Provider (CVE-2024-22338)

Summary The IBM Security Verify Access OpenID Connect Provider could disclose sensitive information to a local user. This has been addressed in the OIDC Provider 23.12. Vulnerability Details CVEID:CVE-2024-22338 DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose sensitive...

5.5CVSS3.9AI score0.00052EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 3:24 p.m.18 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to information disclosure due to Springfox Swagger (CVE-2019-17495)

Summary IBM Sterling B2B Integrator uses Springfox Swagger. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. ...

9.8CVSS9.2AI score0.11565EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 2:6 p.m.47 views

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime

Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their April 2024 Vulnerability Advisory, plus CVE-2024-3933. For more information please refer to OpenJDK's April 2024 Vulnerability Advisory and the X-Force database entries referenced below. Vulnerability...

7.3CVSS5.2AI score0.00146EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 1:50 p.m.42 views

Security Bulletin: CVE-2024-3933 affects IBM® SDK, Java™ Technology Edition

Summary CVE-2024-3933 affects IBM SDK, Java Technology Edition. An update has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to...

7.3CVSS5.8AI score0.00068EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 11:26 a.m.46 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 273. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input...

7.5CVSS7.6AI score0.0033EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 11:23 a.m.48 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 273 Vulnerability Details CVEID:CVE-2021-32052 DESCRIPTION: Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a...

7.5CVSS9.6AI score0.9439EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 7:47 a.m.50 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in net-ssh-4.2.0.gem

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of net-ssh-4.2.0.gem Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport...

5.9CVSS6.4AI score0.51662EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/30 3:19 a.m.13 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On due to April 2024 CPU

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...

7.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/29 9:31 p.m.29 views

Security Bulletin: IBM Aspera Console has addressed multiple cross-site scripting vulnerabilities (CVE-2022-43384, CVE-2022-43575)

Summary This Security Bulletin addresses security vulnerabilities related to cross-site scripting that have been remediated CVE-2022-43384, CVE-2022-43575 in IBM Aspera Console 3.4.2 PL6. Vulnerability Details CVEID:CVE-2022-43384 DESCRIPTION: IBM Aspera Console is vulnerable to cross-site...

5.4CVSS5.2AI score0.00132EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/29 9:22 p.m.51 views

Security Bulletin: IBM Aspera Console has addressed a denial of service vulnerability (CVE-2024-27316)

Summary IBM Aspera Console is vulnerable to Apache HTTP Server denial of service vulnerability caused by the failure to check or limit the use of HTTP/2 CONTINUATION frames that can be sent within a single stream, a remote attacker could exploit this vulnerability to cause an out of memory OOM...

7.5CVSS7.6AI score0.87555EPSS
Exploits2Affected Software4
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/29 8:37 p.m.44 views

Security Bulletin: IBM Aspera Console has addressed multiple HTTP vulnerabilities (CVE-2022-43841, CVE-2024-24795, CVE-2023-38709)

Summary This Security Bulletin addresses security vulnerabilities related to HTTP responses that would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information CVE-2022-43841, CVE-2024-24795, CVE-2023-38709...

7.3CVSS6.9AI score0.04473EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/29 8:37 p.m.38 views

Security Bulletin: IBM Aspera Console has addressed multiple PCRE and PCRE2 library vulnerabilities (CVE-2022-1587, CVE-2019-20838, CVE-2022-1586)

Summary This Security Bulletin addresses security vulnerabilities related to PCRE and PCRE2 library vulnerabilities that have been remediated CVE-2022-1587, CVE-2019-20838, CVE-2022-1586 in IBM Aspera Console 3.4.2 PL5. Vulnerability Details CVEID:CVE-2022-1587 DESCRIPTION: PCRE2 could allow a...

9.1CVSS9.4AI score0.00584EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/29 2:52 p.m.22 views

Security Bulletin: IBM Truststore Manager uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782

Summary IBM Truststore Manager uses cryptography-41.0.4-cp37-abi3-manylinux228x8664.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic Authority...

7.5CVSS7.3AI score0.00855EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/29 2:43 p.m.32 views

Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.16 and earlier

Summary This fix upgrades to Node.js 18.20.3 and Websphere Liberty 24.0.0.5. Node.js is used by all IBM Answer Retrieval for Watson Discovery user interfaces. Websphere Liberty is used by the IBM Answer Retrieval for Watson Discovery swagger microservice. There are two categories of vulnerabiliti...

8.2CVSS8.5AI score0.75933EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/29 6:30 a.m.34 views

Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-50782

Summary IBM Maximo Application Suite uses cryptography-41.0.2-cp37-abi3-manylinux228x8664.whl which is vulnerable to CVE-2023-50782. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-50782 DESCRIPTION: Python Cryptographic...

7.5CVSS7.3AI score0.00855EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/29 5:40 a.m.28 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2023-51775, CVE-2024-22354)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7CVSS7.6AI score0.00383EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/28 7:54 p.m.15 views

Security Bulletin: WebSphere Application Server Liberty is vulnerable to denial of service (CVE-2023-38737)

Summary IBM Spectrum Protect for Workstations Central Administration Console requires the dependent product IBM WebSphere Application Server Liberty. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Refer to t...

7.5CVSS6.2AI score0.00058EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/28 7:41 p.m.41 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVEs: CVE-2023-38264, CVE-2024-21011, CVE-2024-21085 and CVE-2024-21094 Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Ja...

7.5CVSS5AI score0.00449EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/27 3:11 p.m.14 views

Security Bulletin: IBM Aspera Faspex 5 has addressed a cross-site scripting vulnerability (CVE-2023-37411)

Summary IBM Aspera Faspex 5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...

5.4CVSS4.9AI score0.00089EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/27 6:46 a.m.25 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2024-28793

Summary Vulnerability CVE-2024-28793 affects the Team Concert Git plugin of IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2024-28793 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to stored cross-site scripting. Under certain configurations, this...

5.4CVSS4.9AI score0.00198EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/24 6:2 p.m.33 views

Security Bulletin: IBM InfoSphere Information Server containers are vulnerable to privilege escalation

Summary A privilege escalation vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4185 DESCRIPTION: IBM InfoSphere Information Server containers are vulnerable to privilege escalation due to an insecurely configured component. CVSS Base Score:...

8.3CVSS8.4AI score0.00209EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/24 4:46 p.m.31 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js Vulnerability Details CVEID:CVE-2024-25180 DESCRIPTION: pdfmake could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input. By...

9.8CVSS9.8AI score0.00428EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/24 3:15 p.m.43 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery due to Apache CXF

Summary This security bulletin addresses the vulnerabilitiy in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager CVE-2024-28752. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementation. Vulnerability...

9.3CVSS9AI score0.46602EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/24 2:17 p.m.51 views

Security Bulletin: Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1

Summary Security vulnerability found in curl package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details CVEID:CVE-2024-2398 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a memory leak when allowing...

8.6CVSS8.7AI score0.01962EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/24 2:15 p.m.21 views

Security Bulletin: Security vulnerability found in openldap package shipped with IBM CICS TX Advanced 10.1

Summary Security vulnerability found in openldap package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details CVEID:CVE-2023-2953 DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer dereference flaw...

7.5CVSS7.7AI score0.01419EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/24 11:0 a.m.29 views

Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service and disclosure of sensitive information.

Summary IBM WebSphere Application Server Liberty is used by IBM Tivoli Application Dependency Discovery Manager CVE-2023-50312,CVE-2024-27270 and CVE-2024-22329 Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide...

6.5CVSS5.6AI score0.00088EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/23 5:59 p.m.47 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2023-42753, CVE-2023-5178, CVE-2023-47710, CVE-2023-45871)

Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2023-42753 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer underflow due to an array indexing issue in...

8.8CVSS8.8AI score0.08105EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/23 6:14 a.m.26 views

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2023-50312)

Summary WebSphere Application Server Liberty used by IBM Operations Analytics - Log Analysis is vulnerable to weak security. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for...

6.5CVSS5.9AI score0.00032EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/22 10:31 a.m.33 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to node-tar (CVE-2024-28863)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to node-tar. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: isaacs node-tar is vulnerable to a denial of service, caused by the lack of...

6.5CVSS6.5AI score0.00663EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/22 10:2 a.m.19 views

Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains.(CVE-2021-20544)

Summary External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service interactions does not constitute a vulnerability in its own right, and in some...

5.4CVSS4.8AI score0.00102EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/22 9:19 a.m.74 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS packages/liberaries .

Summary IBM MQ Operator and Queue manager container images are vulnerable to glibc, Golang Go , Apache HTTP, IBM GSKit-Crypto and GnuTLS. This bulletin identifies the steps required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: glibc is vulnerable to a...

8.1CVSS9.1AI score0.91924EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/22 4:28 a.m.12 views

Security Bulletin: IBM App Connect Enterprise AdminAPI is vulnerable to a denial of service (CVE-2024-31904)

Summary IBM App Connect Enterprise AdminAPI is vulnerable to a denial of service. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-31904 DESCRIPTION: IBM App Connect Enterprise integration nodes could allow an authenticated user to caus...

6.5CVSS6.4AI score0.00138EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/22 4:16 a.m.20 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to an authenticated user accessing sensitive information (CVE-2024-31893, CVE-2024-31894 & CVE-2024-31895)

Summary IBM App Connect Enterprise Discovery Connector nodes for Calendly, Docusign and Square are vulnerable to an authenticated user accessing sensitive information. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-31893 DESCRIPTION:...

6.5CVSS3.9AI score0.00127EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35077