Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to a denial of service due to jose4j (CVE-2023-51775)
Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and by IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to a denial of service due to jose4j (CVE-2023-51775)
Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and by IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2023-38709, CVE-2024-24795)
Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM® Db2® is affected by a vulnerability in an open source library boost (CVE-2012-2677)
Summary IBM® Db2® is affected by a vulnerability in the open source library Boost. Vulnerability Details CVEID:CVE-2012-2677 DESCRIPTION: Boost is vulnerable to a buffer overflow, caused by improper bounds checking in the ordered_malloc function. By persuading a victim to open a specially-crafted...
Security Bulletin: RabbitMQ protocol as used by IBM QRadar SIEM lacks certificate validation (CVE-2023-50949)
Summary The RabbitMQ protocol used by SOAR integration for IBM QRadar SIEM lacks certificate validation and could potentially enable MITM attacks. Vulnerability Details CVEID:CVE-2023-50949 DESCRIPTION: IBM QRadar could allow an unauthorized user to perform unauthorized actions due to improper...
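The bulletin above describes the failure mode behind CVE-2023-50949: a TLS client that encrypts the channel but never verifies who is on the other end, which is exactly what a machine-in-the-middle needs. The following Python example is added here to illustrate that class of misconfiguration; it is not IBM's or QRadar's code and says nothing about how the SOAR integration is implemented. It uses only the standard library `ssl` module: the weak context beside the corrected one, an audit function that flags the weak settings, and a connect helper (port 5671 is the conventional AMQPS port; the host name and CA file are placeholders).

```python
import socket
import ssl

# Anti-pattern: TLS is on, but the peer certificate and host name are
# never checked, so any party that can intercept the connection can
# present its own certificate and read or alter the traffic.
def make_weak_context():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # accept any certificate at all
    return ctx


# Corrected: require a certificate that chains to a trusted CA, require
# that its SAN matches the host we asked for, and refuse legacy TLS.
def make_hardened_context(cafile=None):
    # create_default_context() already sets CERT_REQUIRED and check_hostname.
    # cafile=None falls back to the system trust store; pass the broker's
    # private CA bundle instead when the broker uses an internal PKI.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_tls_context(ctx):
    """Return a list of findings; an empty list means the context verifies peers."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: peer certificate not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate not matched to host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS < 1.2")
    return findings


def open_verified_amqps_connection(host, port=5671, cafile=None, timeout=10):
    """Connect to a broker over TLS with peer verification enforced.

    Not exercised offline; 'host' and 'cafile' are caller-supplied placeholders.
    ssl.SSLCertVerificationError is raised if the certificate does not verify.
    """
    ctx = make_hardened_context(cafile)
    sock = socket.create_connection((host, port), timeout=timeout)
    # server_hostname drives both SNI and the host-name match on the certificate
    return ctx.wrap_socket(sock, server_hostname=host)


if __name__ == "__main__":
    for name, ctx in (("weak", make_weak_context()), ("hardened", make_hardened_context())):
        print(name, audit_tls_context(ctx) or "OK")
```

The audit function is the part worth reusing: run it against whatever context the integration actually builds before it is handed to the client library, so a `verify_mode = CERT_NONE` introduced "temporarily" during troubleshooting cannot reach production unnoticed.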
Security Bulletin: Multiple Security Vulnerabilities were found in Open Source libraries used to deploy IBM Security Verify Access Appliances (CVE-2024-31871, CVE-2024-31872, CVE-2024-31873, CVE-2024-31874)
Summary An Open Source repository of python deployment scripts for ISVA Appliance is published on GitHub at https://github.com/IBM-Security/ibmsecurity. Vulnerabilities reported in the public repository have been addressed. Vulnerability Details CVEID:CVE-2024-31872 DESCRIPTION: IBM Security Veri...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server CVE-2023-51775
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin listed in the...
Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server in IBM Rational ClearQuest (CVE-2023-52425)
Summary IBM HTTP Server is used by IBM WebSphere Application Server (WAS) in IBM Rational ClearQuest server and web components. Information about a security vulnerability affecting IBM HTTP Server used by WAS has been published in a security bulletin. Vulnerability Details Refer to the security...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2023-51775)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Node.js IP is vulnerable to CVE-2023-42282 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses Node.js IP which is vulnerable to CVE-2023-42282. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to...
Security Bulletin: Jinja2-2.11.3-py2.py3-none-any.whl and Jinja2-3.1.2-py3-none-any.whl are vulnerable to CVE-2024-22195 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses Jinja2-2.11.3-py2.py3-none-any.whl and Jinja2-3.1.2-py3-none-any.whl, which are vulnerable to CVE-2024-22195. Vulnerability Details CVEID:CVE-2024-22195 DESCRIPTION: Pallets Jinja is vulnerable to cross-site scripting, caused by imprope...
Security Bulletin: Django-3.2.24-py3-none-any.whl is vulnerable to CVE-2024-27351 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses Django-3.2.24-py3-none-any.whl, which is vulnerable to CVE-2024-27351. Vulnerability Details CVEID:CVE-2024-27351 DESCRIPTION: Django is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in...
Security Bulletin: cryptography-42.0.0-cp37-abi3-manylinux_2_28_x86_64.whl and cryptography-42.0.3-cp37-abi3-manylinux_2_28_x86_64.whl are vulnerable to CVE-2024-26130 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses cryptography-42.0.0-cp37-abi3-manylinux_2_28_x86_64.whl and cryptography-42.0.3-cp37-abi3-manylinux_2_28_x86_64.whl, which are vulnerable to CVE-2024-26130. Vulnerability Details CVEID:CVE-2024-26130 DESCRIPTION: cryptography is vulnerable to a...
Security Bulletin: next-auth-4.24.3.tgz is vulnerable to CVE-2023-48309 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses next-auth-4.24.3.tgz, which is vulnerable to CVE-2023-48309. Vulnerability Details CVEID:CVE-2023-48309 DESCRIPTION: Auth.js next-auth could allow a remote attacker to obtain sensitive information, caused by improper authentication...
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.
Summary IBM DB2 is shipped with IBM License Metric Tool. Information about security vulnerabilities affecting IBM DB2 has been published in separate security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...
Security Bulletin: Vulnerabilities found in Jetty may affect IBM Content Collector for SAP Applications
Summary IBM Content Collector for SAP Applications may be affected by multiple vulnerabilities found in Jetty. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request header. By sending a specially...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-22036, CVE-2023-22006, CVE-2023-22041, CVE-2023-22049 and CVE-2023-22045)
Summary Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-22036 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow a remo...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to SQL injection due to Postgresql JDBC driver (CVE-2023-45178)
Summary The PostgreSQL JDBC driver is shipped with IBM Tivoli Netcool Impact as part of its data source adapter connectivity. Information about security vulnerabilities affecting the PostgreSQL JDBC driver has been published in a security bulletin. This bulletin identifies the steps to take to...
Security Bulletin: IBM QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Deployment Intelligence app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-46234 DESCRIPTION: browserify...
Security Bulletin: IBM Operational Decision Manager for March 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2007-4559...
Security Bulletin: There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with IBM TXSeries for Multiplatforms (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676, CVE-2023-22045 and CVE-2023-22049).
Summary There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with IBM TXSeries for Multiplatforms (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676, CVE-2023-22045 and CVE-2023-22049). An update to IBM TXSeries for Multiplatforms has been released to address these...
Security Bulletin: An Eclipse Jetty vulnerability affects IBM Rational Functional Tester/ IBM DevOps Test UI
Summary There is a vulnerability in Eclipse Jetty used by Rational Functional Tester (RFT) / DevOps Test UI. RFT/Test UI has addressed the applicable CVE-2024-22201. Vulnerability Details CVEID:CVE-2024-22201 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by a flaw whe...
Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17
Summary IBM Java 17 is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct FTP...
Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 8
Summary IBM Java 8 is used by IBM Sterling Connect:Direct FTP+ on the Solaris platform in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on the Solaris platform is impacted by vulnerabilities in IBM Java 8. IBM Sterling Connect:Direct FTP+ on the Solaris platform has upgraded I...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to unspecified vulnerabilities and sensitive information exposure due to IBM Runtime Environment Java Technology Edition Version 17
Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and management. IBM Sterling Connect:Direct for UNIX is impacted by unspecified vulnerabilities and sensitive information exposure due to IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM...
Security Bulletin: Vulnerabilities in cryptography and Jinja [CVE-2023-50782, CVE-2024-22195]
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in cryptography and Jinja that could allow an attacker to obtain sensitive information or perform cross-site scripting, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have...
Security Bulletin: Vulnerabilities have been identified with the DS8900F Hardware Management Console (HMC)
Summary The updates indicated below have been released to address the following vulnerabilities: CVE-2023-46169 Arbitrary file deletion, CVE-2023-46171 view sensitive log information, CVE-2023-46172 Bypass authentication restrictions for authorized user, CVE-2023-46170 Arbitrary file read ,...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850
Summary IBM Copy Services Manager is vulnerable to an information disclosure vulnerability (CVE-2023-33850) and to other vulnerabilities (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945) due to the use of IBM Java. IBM Java is used by CSM to provi...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin (CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296, CVE-2024-22360). Vulnerability Details...
Security Bulletin: Vulnerabilities in medikoo es5-ext and Node.js packages might affect IBM Storage Defender – Resiliency Service (CVE-2024-27088 and CVE-2024-28849)
Summary IBM Storage Defender – Resiliency Service is affected by vulnerabilities that can result in a denial of service. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-27088 DESCRIPTION: medikoo es5-ext is vulnerable to a denial of service, caused by a regular expression denial of...
Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified...
Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite may be affected by XML External Entity (XXE) attack (CVE-2024-27266)
Summary IBM Maximo Manage application in IBM Maximo Application Suite may be affected by an XML External Entity (XXE) attack. Vulnerability Details CVEID:CVE-2024-27266 DESCRIPTION: IBM Maximo Application Suite is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A...
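An XXE attack only works if the XML parser accepts a DTD in attacker-supplied input, because that is the only place an entity can be declared. The example below is added here to show the parser-hardening pattern in general; it is not Maximo's code (the product is Java-based) and does not describe how CVE-2024-27266 was fixed. It uses Python's standard `xml.parsers.expat` with constructed sample documents: a default-configured parser expands a declared entity silently, while the hardened parser aborts the moment a DOCTYPE or entity declaration appears, before any reference to it can be resolved.

```python
import xml.parsers.expat

# Constructed sample documents (not taken from any IBM bulletin or product).
BENIGN_DOC = b'<?xml version="1.0"?><asset><id>PUMP-001</id></asset>'

# Internal entity: a default parser expands it without complaint. The same
# mechanism, nested, is the "billion laughs" entity-expansion denial of service.
ENTITY_DOC = (b'<?xml version="1.0"?>'
              b'<!DOCTYPE asset [<!ENTITY site "PLANT-A">]>'
              b'<asset><id>&site;</id></asset>')

# Classic XXE shape: an external entity pointing at a local file. Whether the
# content leaks depends on the parser resolving SYSTEM identifiers; refusing the
# DTD altogether removes the question.
XXE_DOC = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE asset [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
           b'<asset><id>&xxe;</id></asset>')


class DoctypeNotAllowed(ValueError):
    """Raised when untrusted XML carries a DTD or entity declaration."""


def _collect_text(parser):
    # Gather character data so the caller can see what the parser produced.
    chunks = []
    parser.CharacterDataHandler = chunks.append
    return chunks


def parse_text_unhardened(doc):
    """Parse with expat defaults: DTD accepted, declared entities expanded."""
    p = xml.parsers.expat.ParserCreate()
    chunks = _collect_text(p)
    p.Parse(doc, True)
    return "".join(chunks)


def parse_text_hardened(doc):
    """Reject any DOCTYPE or entity declaration, then parse the rest normally."""
    p = xml.parsers.expat.ParserCreate()

    def reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise DoctypeNotAllowed("DOCTYPE declarations are not accepted in this input")

    def reject_entity(*_decl):
        raise DoctypeNotAllowed("entity declarations are not accepted in this input")

    # Exceptions raised inside expat handlers abort Parse() and propagate.
    p.StartDoctypeDeclHandler = reject_doctype
    p.EntityDeclHandler = reject_entity
    chunks = _collect_text(p)
    p.Parse(doc, True)
    return "".join(chunks)


if __name__ == "__main__":
    print("unhardened, entity doc:", parse_text_unhardened(ENTITY_DOC))
    print("hardened, benign doc:", parse_text_hardened(BENIGN_DOC))
    for label, doc in (("entity", ENTITY_DOC), ("xxe", XXE_DOC)):
        try:
            parse_text_hardened(doc)
        except DoctypeNotAllowed as exc:
            print(f"hardened, {label} doc rejected: {exc}")
```

Rejecting the DOCTYPE is the simplest complete control: it stops external entities, internal entity expansion and parameter-entity tricks in one place, and it is what libraries such as defusedxml do. The equivalent in Java is enabling the `http://apache.org/xml/features/disallow-doctype-decl` feature on the `DocumentBuilderFactory` or SAX parser before any untrusted document is parsed.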
Security Bulletin: There is a vulnerability in Amazon Ion used by IBM Maximo Asset Management application (CVE-2024-21634)
Summary There is a vulnerability in Amazon Ion used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for applications. By sending a specially crafted...
Security Bulletin: IBM Security Verify Directory products are vulnerable to CVE-2022-32751
Summary A Security Vulnerability discovered by the IBM Ethical Hacking team has been fixed in IBM Security Directory products. Vulnerability Details CVEID:CVE-2022-32751 DESCRIPTION: IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further...
Security Bulletin: There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Asset Management application (CVE-2023-44487)
Summary There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By...
Security Bulletin: There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-44487)
Summary There is a vulnerability in HTTP/2 protocol used by Netty on IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in t...
Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to stored cross-site scripting (CVE-2023-38723)
Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to stored cross-site scripting. Vulnerability Details CVEID:CVE-2023-38723 DESCRIPTION: IBM Maximo Application Suite is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary...
Security Bulletin: There is a vulnerability in Java SE used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-20918, CVE-2024-20926 and CVE-2024-20952)
Summary There is a vulnerability in Java SE used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentialit...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat (CVE-2024-24549, CVE-2024-23672)
Summary IBM Integration Bus for z/OS is vulnerable to a denial of service due to Apache Tomcat. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by improper...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security (CVE-2023-50313)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security for outbound TLS connections. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM DB2 which is shipped with IBM Intelligent Operations Center.
Summary IBM DB2 is shipped with IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM DB2 has been published in a security bulletin (CVE-2023-38729, CVE-2012-2677, CVE-2024-25030, CVE-2024-25046, CVE-2024-27254, CVE-2023-52296, CVE-2024-22360). Vulnerability Detail...
Security Bulletin: A security vulnerability has been identified in WebSphere® Application Server shipped with IBM® Intelligent Operations Center (CVE-2023-50313)
Summary IBM WebSphere® Application Server is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere® Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple vulnerabilities in IBM DataPower Gateway
Summary While core IBM DataPower Gateway does not use Java, certain components shipped with IDG may be vulnerable. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentialit...
Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware
Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM Java, OpenSSL, and libcurl. The flaws can lead to denial of service, bypass security restrictions, confidentiality impact, integrity impact, availability impact, and sensitive...
Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V
Summary IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V can be affected by security flaws in IBM Java, OpenSSL, and libcurl. The flaws can lead to denial of service, bypass security restrictions, confidentiality impact, integrity impact, availability impact, an...
Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect Backup-Archive Client
Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM Java, OpenSSL, and libcurl. The flaws can lead to denial of service, bypass security restrictions, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to a denial of service due to Apache Commons Compress (CVE-2024-25710, CVE-2024-26308)
Summary Apache Commons Compress is shipped with IBM Tivoli Netcool Impact as part of its server communication infrastructure. Information about security vulnerabilities affecting Apache Commons Compress has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-25710...
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to a machine-in-the-middle attack due to Apache MINA SSHD (CVE-2023-48795)
Summary Apache MINA SSHD is shipped with IBM Tivoli Netcool Impact as part of the Command Line Manager service. Information about a security vulnerability affecting Apache MINA SSHD has been published in a security bulletin. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is...