Lucene search
K

35744 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 8:46 a.m.37 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2019-11358)

Summary There is a vulnerability in jQuery used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-23064 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

6.1CVSS6.4AI score0.87218EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 8:44 a.m.33 views

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2022-26336)

Summary Used by IBM Decision Optimization for IBM Cloud Pak for Data, Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details...

5.5CVSS6.3AI score0.0152EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 7:43 a.m.58 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses Kafka - 3.0.2 which is vulnerable to CVE-2024-27309.

Summary Security Bulletin: IBM Maximo Application Suite - IoT Component uses Kafka - 3.0.2 which is vulnerable to CVE-2024-27309. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-27309 DESCRIPTION: Apache Kafka is vulnerable to a...

7.4CVSS7.3AI score0.01125EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 6:49 a.m.32 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Watson Explorer and Watson Explorer Content Analytics Studio (CVE-2024-20952, CVE-2024-20918,CVE-2024-20921, CVE-2023-33850)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. CVE-2024-20952,...

7.5CVSS7.1AI score0.00918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 6:47 a.m.35 views

Security Bulletin: IBM Watson Explorer affected by vulnerability in Apache ZooKeeper.(CVE-2024-23944)

Summary IBM Watson Explorer Foundational Components contains a vulnerable version of Apache ZooKeeper.CVE-2024-23944 Vulnerability Details CVEID:CVE-2024-23944 DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent...

5.3CVSS7.2AI score0.00246EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/20 12:38 a.m.49 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.8CVSS10AI score0.04903EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 8:47 p.m.53 views

Security Bulletin: IBM WebSphere Application Server is vulnerable to identity spoofing (CVE-2024-37532)

Summary IBM WebSphere Application Server is vulnerable to identity spoofing. Vulnerability Details CVEID:CVE-2024-37532 DESCRIPTION: IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. CVSS Base score: 8.8 CVSS Tempora...

8.8CVSS8.3AI score0.00353EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 5:53 p.m.63 views

Security Bulletin: Vulnerabilities in Linux components affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in libssh, nginx and nghttp2 affect IBM Storage Virtualize products and could cause denial of service and bypassing of authentication. CVE-2023-44487, CVE-2023-1667, CVE-2023-2283. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a...

7.5CVSS8.3AI score0.99999EPSS
Exploits21Affected Software13
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 3:29 p.m.42 views

Security Bulletin: Vulnerabilities in Apache Tomcat affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in Apache Tomcat affect the product's management GUI, potentially allowing denial of service. The Command Line Interface is unaffected. CVE-2024-23672, CVE-2024-24549. Vulnerability Details CVEID:CVE-2024-23672 DESCRIPTION: Apache Tomcat is vulnerable to a denial of servic...

7.5CVSS7.4AI score0.23072EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 3:28 p.m.40 views

Security Bulletin: Vulnerabilities in IBM Java affect IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI. The Command Line Interface is unaffected. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. Vulnerability Details...

7.5CVSS6.9AI score0.01026EPSS
Exploits0Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 10:43 a.m.27 views

Security Bulletin: A vulnerability in Transparent Cloud Tiering affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in netty-codec-http affects the Transparent Cloud Tiering function in IBM Storage Virtualize products. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the lsvolumebackup CLI command - if there is no output, then this feature is not...

5.3CVSS6.1AI score0.0138EPSS
Exploits1Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 10:34 a.m.36 views

Security Bulletin: Vulnerabilities in Transparent Cloud Tiering affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in netty-codec-http2 and commons-compress affect the Transparent Cloud Tiering function in IBM Storage Virtualize products. CVE-2023-44487, CVE-2024-25710, CVE-2024-26308. Most systems do not have Transparent Cloud Tiering configured. You can confirm by running the...

8.1CVSS8AI score0.99999EPSS
Exploits19Affected Software10
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/19 10:32 a.m.26 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues due to Apache Commons Configuration and Fasterxml jackson-databind

Summary There are vulnerabilities in Apache Commons Configuration and Fasterxml jackson-databind used by Install Agent, Integrated File Agent and Integrated Web Services in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the...

7.3CVSS7.5AI score0.02054EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 10:3 p.m.49 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json may affect IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, libcurl, Apache Xerces C++ XML parser, and Newtonsoft.Json. The flaws can lead to server-side request forgery, bypass of security...

9.8CVSS10AI score0.78483EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 8:51 p.m.29 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect Backup-Archive Client

Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery, bypass of security restrictions, denial of service, and arbitrary...

9.8CVSS9.2AI score0.78483EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 8:3 p.m.54 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...

9.8CVSS7.6AI score0.02918EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 2:2 p.m.65 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.2 Vulnerability Details CVEID:CVE-2018-1000134 DESCRIPTION: Ping Identity UnboundID LDAP SDK could allow a remote attacker to...

9.8CVSS9.2AI score0.91896EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/18 2:1 p.m.60 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.3 Vulnerability Details CVEID:CVE-2022-46364 DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a fl...

9.8CVSS10AI score0.99931EPSS
Exploits52Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 8:14 p.m.48 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

8.2CVSS9.5AI score0.02573EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 8:13 p.m.13 views

Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks (CVE-2023-47726)

Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard input. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...

8.8CVSS7.6AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 7:37 p.m.38 views

Security Bulletin: A remote execution vulnerability in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition. A remote execution of arbitrary commands vulnerability affecting Node.js has been published in this security bulletin. This bulletin...

8.1CVSS7.5AI score0.01387EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 3:53 p.m.12 views

Security Bulletin: IBM Sterling B2B Integrator - The Document Service Container in IBM Sterling B2B Integrator is vulnerable to denial of service due to jackson-core (256137)

Summary The Document Service Container in IBM Sterling B2B Integrator is vulnerable to a denial of service due to jackson-core 256137. IBM Sterling B2B Integrator has addressed the vulnerabilty in the Remediation/Fixes section of this bulletin. Vulnerability Details IBM X-Force ID: 256137...

7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 3:46 p.m.30 views

Security Bulletin: A vulnerability in Apache Xerces C++ XML parser may affect IBM Storage Protect HSM for Windows

Summary IBM Storage Protect HSM for Windows can be affected by a security flaw in Apache Xerces C++ XML parser. The flaw can lead to arbitrary code execution, as described in the "Vulnerability Details" section. CVE-2024-23807. Vulnerability Details CVEID:CVE-2024-23807 DESCRIPTION: Apache Xerces...

9.8CVSS8.4AI score0.01482EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 2:48 p.m.33 views

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities.

Summary IBM DevOps Release 7.0.0.2 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2014-3643 DESCRIPTION: Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data by jersey SAX parser. By sending ...

9.8CVSS9.1AI score0.95707EPSS
Exploits20Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 2:45 p.m.29 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK (CVE-2024-38264)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-38264 DESCRIPTION: The IBM SDK, Jav...

7.5CVSS5.8AI score0.01299EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 12:38 p.m.41 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to a denial of service and a remote authenticated attacker (CVE-2024-29857, CVE-2024-30171 & CVE-2024-30172)

Summary IBM App Connect for Manufacturing is vulnerable to a denial of service and a remote authenticated attacker accessing sensitive information. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-30171 DESCRIPTION: The Bouncy Castle...

7.5CVSS7.1AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 11:59 a.m.53 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.

Summary IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details CVEID:CVE-2023-6004 DESCRIPTION: libssh could allow a local authenticate...

7.5CVSS8AI score0.01421EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 8:34 a.m.24 views

Security Bulletin: IBM Maximo Application Suite uses jose-2.0.6.tgz which is vulnerable to CVE-2024-28176.

Summary Security Bulletin: IBM Maximo Application Suite uses jose-2.0.6.tgz which is vulnerable to CVE-2024-28176. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial ...

5.9CVSS5.4AI score0.02085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/17 8:31 a.m.24 views

Security Bulletin: IBM Maximo Application Suite uses follow-redirects-1.15.4.tgz which is vulnerable to CVE-2024-28849

Summary IBM Maximo Application Suite uses follow-redirects-1.15.4.tgz which is vulnerable to CVE-2024-28849. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote...

6.5CVSS6.7AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/15 1:0 a.m.30 views

Security Bulletin: IBM i is vulnerable to user profile enumeration due to a supplied table function in Db2 for i. [CVE-2024-31870]

Summary IBM i is vulnerable to a local user enumerating user profile names without authority to the user profile objects as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section...

3.3CVSS3.6AI score0.00171EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 4:30 p.m.32 views

Security Bulletin: Vulnerabilities in Golang Go and RabbitMQ Java Client might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Golang Go and RabbitMQ Java Client. Vulnerabilities include cause a denial of service condition and cause a memory overflow on the system as described by the CVE in the "Vulnerability Details" section. CVE-2023-45288,...

7.5CVSS7.4AI score0.91969EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 4:27 p.m.41 views

Security Bulletin: Vulnerabilities in libcurl, cURL and Linux Kernel might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in libcurl, cURL and Linux Kernel. Vulnerabilities include an attacker could exploit these vulnerabilities to overflow a buffer and execute arbitrary code on the system, to insert cookies at will into a running program, t...

9.8CVSS9.7AI score0.78483EPSS
Exploits29Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 4:25 p.m.23 views

Security Bulletin: Multiple vulnerabilities in Golang Go affect IBM Storage Copy Data Management components that leverage Go

Summary Multiple vulnerabilities in Golang Go affect IBM Storage Copy Data Management components that leverage Go essentially VADP 'VM' backup. Vulnerabilities including execution of arbitrary code on the system, remote attacker can cause an infinite loop, as described by the CVEs in the...

6.4CVSS8.1AI score0.01001EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 3:19 p.m.59 views

Security Bulletin: EDB Postgres Advanced Server (EPAS)

Summary This security bulletin identifies a set of common vulnerabilities that have been addressed in EDB Postgres Advanced Server with IBM 15.4. Vulnerability Details CVEID:CVE-2023-41113 DESCRIPTION: EnterpriseDB Postgres Advanced Server could allow a remote authenticated attacker to obtain...

9.8CVSS7.5AI score0.00772EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 11:38 a.m.22 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to an attack to execute arbitrary code due to XMLUnit (CVE-2024-31573)

Summary IBM App Connect Enterprise is vulnerable to an attack to execute arbitrary code when XMLUnit is used to transform data with a stylesheet from an untrusted source. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-31573 DESCRIPTIO...

4CVSS7.8AI score0.00216EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 10:40 a.m.84 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules (CVE-2024-4067 & CVE-2024-4068)

Summary IBM App Connect Enterprise is vulnerable to a denial of service due to Node.js micromatch & braces modules. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: Node.js micromatch module is vulnerable to a denial o...

7.5CVSS6.2AI score0.01471EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 10:20 a.m.26 views

Security Bulletin: An unspecified vulnerability in IBM Semeru Runtime that is shipped with IBM App Connect Enterprise (CVE-2024-21012)

Summary An unspecified vulnerability in IBM Semeru Runtime that is shipped with IBM App Connect Enterprise. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21012 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

3.7CVSS4AI score0.00902EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 9:53 a.m.48 views

Security Bulletin: IBM Operational Decision Manager for May 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-22201...

8.2CVSS9AI score0.16157EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/14 12:0 a.m.40 views

Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-27982, CVE-2024-27983)

Summary Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-27982...

8.2CVSS6.9AI score0.87211EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/13 10:4 p.m.35 views

Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)

Summary Vulnerability in Python could allow a remote attacker to obtain sensitive information CVE-2024-28757. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2024-28757 DESCRIPTION: libexpat could allow a remote attacker to obtain sensitive...

7.5CVSS8.5AI score0.02006EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/13 3:43 p.m.71 views

Security Bulletin: Vulnerabilty in the .NET Core Framework may affect IBM Robotic Process Automation and could allow an attacker to remotely execute arbitrary code.

Summary There is a vulnerability in System.Drawing.Comman used by IBM Robotic Process Automation as part of the .NET Core framework. CVE-2021-24112. The vulnerability could allow an attacker to remotely execute arbitrary code. This bulletin identifies the security fixes to apply to address this...

9.8CVSS8.1AI score0.0327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/13 6:21 a.m.46 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 273. Vulnerability Details CVEID:CVE-2023-6516 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an out-of-memory condition. By using specific...

7.5CVSS8.4AI score0.99995EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/12 7:52 p.m.22 views

Security Bulletin: IBM Maximo Asset Management - There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application (CVE-2024-3933)

Summary There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: Eclipse Openj9 could allow a local authenticated attacker to bypass security restrictions, caused by the failure to restrict access to a buffer...

7.3CVSS5.8AI score0.00207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/12 3:55 p.m.20 views

Security Bulletin: IBM Maximo Asset Management - There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application (CVE-2024-29203)

Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. Vulnerability Details CVEID:CVE-2024-29203 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the iframe elements. A remote...

6.1CVSS4.9AI score0.00722EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/12 3:54 p.m.25 views

Security Bulletin: Maximo Asset Management - There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application (CVE-2024-29881)

Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. CVE-2024-29881. Vulnerability Details CVEID:CVE-2024-29881 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the external SVG...

6.1CVSS5AI score0.00722EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/12 3:47 p.m.23 views

Security Bulletin: IBM Maximo Asset Management application is vulnerable to sensitive information disclosure (CVE-2024-22333)

Summary IBM Maximo Asset Management application is vulnerable to sensitive information disclosure. Vulnerability Details CVEID:CVE-2024-22333 DESCRIPTION: IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4 CVSS...

3.3CVSS3.4AI score0.0018EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/12 3:47 p.m.24 views

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure (CVE-2024-22333)

Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details CVEID:CVE-2024-22333 DESCRIPTION: IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system. CVSS...

3.3CVSS3.4AI score0.0018EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/12 1:46 p.m.40 views

Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171

Summary IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a...

5.9CVSS6.3AI score0.00901EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/12 1:45 p.m.22 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-25026

Summary IBM Maximo Application Suite Predict Component IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable toCVE-2024-25026 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-25026...

7.5CVSS6.5AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/12 1:44 p.m.23 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354).

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity XXE injection vulnerability CVE-2024-22354.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7CVSS7.3AI score0.00649EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35744