Lucene search
K

35744 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/12 1:43 p.m.•26 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery (SSRF) vulnerability which is vulnerable to CVE-2024-22329

Summary IBM Maximo Application Suite Predict Component uses: webSphere Application Server Liberty is vulnerable to a server-side request forgery SSRF vulnerability which is vulnerable to CVE-2024-22329. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...

4.3CVSS5.4AI score0.00302EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/12 1:42 p.m.•16 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775

Summary IBM Maximo Application Suite Predict Component uses :IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

6.5CVSS6.7AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/12 1:40 p.m.•24 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service which is vulnerable to CVE-2024-27268 .This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-272...

7.5CVSS6.5AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/12 1:38 p.m.•27 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable to CVE-2024-22353

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service when using the openidConnectClient-1.0 or socialLogin-1.0 feature which is vulnerable toCVE-2024-22353.This bulletin contains information regarding the...

7.5CVSS6.8AI score0.00818EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/12 1:34 p.m.•31 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting (CVE-2024-27270).

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty is vulnerable to cross-site scripting CVE-2024-27270. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-27270 DESCRIPTION: IBM...

6.1CVSS4.8AI score0.0037EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/12 12:54 p.m.•23 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty could provide weaker than expected security which is vulnerable to CVE-2023-50312

Summary IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2023-50312.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere...

6.5CVSS5.9AI score0.00592EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/12 11:43 a.m.•15 views

Security Bulletin: IBM Jazz Reporting Service is vulnerable to Information Disclosure (CVE-2024-25052)

Summary If Jazz Authentication Service is enabled, IBM Jazz Reporting System shows the JSA Client Secret in plain text. Vulnerability Details CVEID:CVE-2024-25052 DESCRIPTION: IBM Jazz Reporting Service stores user credentials in plain clear text which can be read by an Admin user. CVSS Base scor...

4.4CVSS4.3AI score0.00164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/12 9:25 a.m.•36 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to VMware Tanzu Spring

Summary There are vulnerabilities in VMware Tanzu Spring Security and Framework used by Integrated Web Services in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-22257...

8.2CVSS8AI score0.01191EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/12 6:36 a.m.•30 views

Security Bulletin: Multiple vulnerabilities in Open JDK affecting Rational Functional Tester / DevOps Test UI

Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester RFT / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component coul...

3.7CVSS4.5AI score0.01276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 9:24 p.m.•30 views

Security Bulletin: IBM Rational Developer for i is vulnerable to leaked credentials due to a flaw in follow-redirects (CVE-2024-28849).

Summary IBM Rational Developer for i contains Code Coverage functionality which has a browser interface. The browser interface utilizes follow-redirects which could allow a remote attacker to obtain credentials CVE-2024-28849. This bulletin identifies the steps to take to address the vulnerabilit...

6.5CVSS7AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 8:0 p.m.•18 views

Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway

Summary Security Vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details IBM X-Force ID: 294242 DESCRIPTION: Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By addi...

8.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 7:48 p.m.•31 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. (CVE-2023-29267)

Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details CVEID:CVE-2023-29267 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as a trap may occur...

6.5CVSS7AI score0.00572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 5:41 p.m.•28 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables. (CVE-2024-31881)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. Vulnerability Details CVEID:CVE-2024-31881 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is...

6.5CVSS7.7AI score0.006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 5:40 p.m.•23 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when using a specially crafted statement. (CVE-2024-31880)

Summary IBM® Db2® is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. Vulnerability Details CVEID:CVE-2024-31880 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect...

6.5CVSS9.5AI score0.00394EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 5:39 p.m.•30 views

Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library. (CVE-2024-29131, CVE-2024-29133)

Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-configuration2 library when using the NoSQL Hadoop wrapper. Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on...

7.3CVSS7.6AI score0.02054EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 5:35 p.m.•33 views

Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library. (CVE-2024-29025)

Summary IBM® Db2® federated server is affected by a vulnerability in the open source netty-codec-http library when using the NoSQL Blockchain wrapper. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the...

5.3CVSS5.7AI score0.0138EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 5:31 p.m.•25 views

Security Bulletin: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. (CVE-2024-28757)

Summary IBM® Db2® NSE Net Search Extender is affected by a vulnerability in the open source Expat library. Vulnerability Details CVEID:CVE-2024-28757 DESCRIPTION: libexpat could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...

7.5CVSS8.3AI score0.02006EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 5:30 p.m.•25 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. (CVE-2024-28762)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query under certain conditions. Vulnerability Details CVEID:CVE-2024-28762 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server is vulnerable to denial of service with a specially crafted query...

6.5CVSS7.1AI score0.00572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 5:29 p.m.•41 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. (CVE-2023-45178)

Summary IBM® Db2® is vulnerable to a denial of service when a specially crafted request is used via CLI. Vulnerability Details CVEID:CVE-2023-45178 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server CLI is vulnerable to a denial of service when a specially crafted reques...

7.5CVSS7.5AI score0.0109EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 5:27 p.m.•24 views

Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library. (CVE-2024-25710, CVE-2024-26308)

Summary IBM® Db2® federated server is affected by vulnerabilities in the open source commons-compress library when using the NoSQL Blockchain wrapper. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop...

8.1CVSS7.1AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 5:24 p.m.•55 views

Security Bulletin: IBM® Db2® is affected by a vulnerability in the open source zlib library. (CVE-2023-45853)

Summary IBM® Db2® is affected by a vulnerability in the open source zlib library. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip is vulnerable to a denial of service, caused by an integer overflow and resultant heap-based buffer overflow in the zipOpenNewFileInZip464 function. By...

9.8CVSS9.5AI score0.02918EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 9:52 a.m.•59 views

Security Bulletin: IBM Workload Automation potentially affected by multiple vulnerabilities in Java.

Summary IBM Workload Automation potentially vulnerable to multiple vulnerabilities in Java that can cause integrity, availability, information disclosure issues CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-2597...

9.1CVSS8.8AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/11 9:50 a.m.•43 views

Security Bulletin: Spring vulnerability in embedded components may affect IBM Business Automation Workflow - CVE-2024-22243

Summary IBM Business Automation Workflow is vulnerable to a open redirect attack. Vulnerability Details CVEID:CVE-2024-22243 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability when using UriComponentsBuild...

8.1CVSS7.9AI score0.03967EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/10 10:47 p.m.•64 views

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION:...

7.5CVSS9.2AI score0.99999EPSS
Exploits21Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/10 10:46 p.m.•44 views

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION:...

7.5CVSS6.5AI score0.01449EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/10 9:17 p.m.•66 views

Security Bulletin: Vulnerable netty classes from couchdb affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary There are vulnerabilities in netty classes from couchdb clouseau jar file included in IBM Knowledge Catalog. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafte...

9.1CVSS9.1AI score0.13474EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/10 7:30 p.m.•27 views

Security Bulletin: IBM Master Data Management affected by vulnerabilities in IBM WebSphere Application Server (CVE-2023-51775)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server . IBM WebSphere Application uses the jose4j library which was found to be vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2...

6.5CVSS6.6AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/10 5:50 p.m.•20 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF Vulnerability Details CVEID:CVE-2023-6228 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in cpStripToTile function in tools/tiffcp.c. By persuading a...

5.5CVSS6.5AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/10 2:18 p.m.•22 views

Security Bulletin: IBM Master Data Management affected by IBM WebSphere Application Server vulnerabilities to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expo...

7CVSS7.3AI score0.00649EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 10:22 p.m.•22 views

Security Bulletin: IBM Master Data Management affected by IBM WebSphere Application Server vulnerabilities to server-side request forgery (CVE-2024-22329)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server. WebSphere Application Server is vulnerable to server-side request forgery SSRF. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct th...

4.3CVSS5.4AI score0.00302EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 7:32 p.m.•20 views

Security Bulletin: IBM i Service Tools Server (SST) is vulnerable to SST user profile enumeration [CVE-2024-31878].

Summary IBM i Service Tools Server is vulnerable to SST user profile enumeration by a remote actor as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section. Vulnerability Details...

5.3CVSS5.2AI score0.00447EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 5:19 p.m.•21 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2024-25026)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

7.5CVSS6.4AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 3:32 p.m.•54 views

Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities

Summary IBM QRadar SIEM includes a vulnerable version of kernel that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details CVEID:CVE-2019-13631 DESCRIPTION: Linux Kernel could allow a physical attacker to execute arbitrary code on the...

10CVSS9AI score0.07619EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 2:47 p.m.•22 views

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path (CVE-2023-51074)

Summary B2B API of IBM Sterling B2B Integrator is vulnearble to denial of service due to json-path CVE-2023-51074. IBM Sterling B2B Integrator has remediated this vulnerabilty; Follow steps identified in Remediation/Fixes section to address vulnerability in your environment. Vulnerability Details...

5.3CVSS5.7AI score0.0067EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 1:34 p.m.•16 views

Security Bulletin: The IBM® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188

Summary IBM® Engineering Lifecycle Optimization - Publishing is vulnerable to CVE-2023-45188Malicious File Upload. Remediations/Fixes section of this bulletin provide instructions on how to address this vulnerability. Vulnerability Details CVEID:CVE-2023-45188 DESCRIPTION: IBM Engineering Lifecyc...

9.8CVSS6.9AI score0.00651EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 11:6 a.m.•51 views

Security Bulletin: IBM Workload Automation is potentially affected by a vulnerability in OpenSSL that might cause Denial of Service

Summary IBM Workload Automation is potentially affected by multiple vulnerabilities in OpenSSL that could cause Denial of Service CVE-2023-4807, CVE-2023-3817 Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in...

7.8CVSS6.8AI score0.02577EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 6:51 a.m.•23 views

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775

Summary Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to jose4j - CVE-2023-51775. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-51775...

6.5CVSS6.7AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 6:47 a.m.•35 views

Security Bulletin: IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775.

Summary IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused ...

6.5CVSS6.6AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 6:46 a.m.•30 views

Security Bulletin: IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135.

Summary IBM Maximo Application Suite uses gunicorn-21.2.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling,...

7.5CVSS7.2AI score0.02996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 6:45 a.m.•21 views

Security Bulletin: IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710.

Summary IBM Suite License Service uses commons-compress-1.25.0.jar which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerabl...

8.1CVSS6.6AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 6:44 a.m.•33 views

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...

9.1CVSS7.6AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 6:44 a.m.•30 views

Security Bulletin: IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455 , CVE-2023-34454 and CVE-2023-43642

Summary IBM Asset Data Dictionary Component uses zookeeper-3.5.9.jar and snappy-java-1.1.8.3.jar which are vulnerable to CVE-2023-44981,CVE-2023-34453, CVE-2023-34455, CVE-2023-34454 and CVE-2023-43642. This bulletin contains information regarding the vulnerability and its remediation...

9.1CVSS7.6AI score0.01762EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/07 6:1 a.m.•41 views

Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology

Summary The IBM® Engineering System Design Rhapsody 10.0 iFix001, The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 and The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 contain fixes for vulnerabilities identified in the Vulnerabilities Details section. The refererred iFix versio...

5.8CVSS7.9AI score0.7848EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/06 8:34 p.m.•23 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM Master Data Management (CVE-2023-50313)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server which could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. This may result in SSL cipher suites being ignored...

6.5CVSS5.8AI score0.00177EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/06 4:18 p.m.•12 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (April 2024)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/06 4:18 p.m.•10 views

Security Bulletin: Multiple security vulnerabilities Affect IBM WebSphere Application Server Liberty shipped with IBM OpenPages

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in multiple security bulletins. These products have addressed the applicable CVEs...

6.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/06 2:36 p.m.•56 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-22259 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacke...

8.3CVSS8.8AI score0.99995EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/06 12:29 p.m.•23 views

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the paramiko package

Summary Storage Virtualize Ansible Collection uses the third-party library paramiko to implement SSH for authentication to target systems. Version 3.3.1 of paramiko is vulnerable to CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a...

5.9CVSS6.5AI score0.93305EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/06 6:30 a.m.•39 views

Security Bulletin: IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041.

Summary IBM Maximo Application Suite uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to condu...

6.1CVSS6.3AI score0.00786EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/06/05 10:6 p.m.•25 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server and WebSphere Application Server Liberty affect IBM Watson Explorer ( CVE-2024-22329, CVE-2023-50312)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE CVE-2024-22329, CVE-2023-50312. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5,...

6.5CVSS5.3AI score0.00592EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35744