Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to high integrity impacts due to Oracle Java SE (CVE-2023-22043)
Summary IBM Sterling Partner Engagement Manager uses Oracle Java SE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22043 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the JavaFX component could allow a remote...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to low availability impacts due to Java SE (CVE-2023-22036)
Summary IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22036 DESCRIPTION: An unspecified vulnerability in Java SE related to the Utility component could allow a remote attacker to...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to high confidentiality impacts due to Java SE (CVE-2023-22041)
Summary IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22041 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a local attacker to cause...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Java SE (CVE-2022-21426)
Summary IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to unsafe deserialization due to IBM SDK (CVE-2022-40609)
Summary IBM Sterling Partner Engagement Manager uses IBM SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attack...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Hutool (CVE-2022-45688)
Summary IBM Sterling Partner Engagement Manager uses Hutool. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is vulnerable to a denial of service, caused by stack-based buffer overflow. By persuading a special...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to low integrity impacts due to Java SE (CVE-2023-22006)
Summary IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-22006 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component could allow a remote attacker ...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Apache Commons FileUpload (CVE-2023-24998)
Summary IBM Sterling Partner Engagement Manager uses Apache Commons FileUpload. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by no...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to hjson-java (CVE-2023-39685)
Summary IBM Sterling Partner Engagement Manager uses hjson-java. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-39685 DESCRIPTION: Hjson hjson-java is vulnerable to a denial of service, caused by improper input validation. By sending ...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to directory traversal due to Apache Shiro (CVE-2023-34478)
Summary IBM Sterling Partner Engagement Manager uses Apache Shiro. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34478 DESCRIPTION: Apache Shiro could allow a remote authenticated attacker to traverse directories on the system, cause...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to multiple issues due to Oracle Java SE
Summary IBM Sterling Partner Engagement Manager uses Oracle Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Java SE (CVE-2023-21830, CVE-2023-21843)
Summary IBM Sterling Partner Engagement Manager uses Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow a remote...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details IBM X-Force ID: PSIRT-ADV0103951...
Security Bulletin: IBM Maximo Mobile for EAM is vulnerable to Information Disclosure LDAP only (CVE-2023-43043)
Summary IBM Maximo Mobile for EAM could disclose sensitive information to a local user. Vulnerability Details CVEID:CVE-2023-43043 DESCRIPTION: IBM Maximo Application Suite - Maximo Mobile for EAM could disclose sensitive information to a local user. CVSS Base score: 5.1 CVSS Temporal Score: See:...
Security Bulletin: Vulnerabilities in IBM Java SDK (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676) affect Power HMC
Summary IBM Java SDK is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality...
Security Bulletin: There are multiple vulnerabilities in Go related packages that are shipped with IBM CICS TX Standard.
Summary There are multiple vulnerabilities in Go related packages that are shipped with IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from IBM MQ
Summary IBM MQ added security fixes around "handling the crafted URL", "removed clear text for user credentials in trace options" and "improved buffering logic to avoid DoS attack". The IBM MQ which contains the above fixes is shipped with IBM MQ Operator and IBM supplied MQ Advanced container images...
Security Bulletin: IBM Maximo Application Suite uses certifi-2023.5.7-py3-none-any.whl which is vulnerable to CVE-2023-37920
Summary IBM Maximo Application Suite uses certifi-2023.5.7-py3-none-any.whl which is vulnerable to CVE-2023-37920. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: An unspecified error with the removal of e-Tug...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Semeru Runtime
Summary IBM Sterling Connect:Direct File Agent uses IBM Semeru Runtime version 17. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could all...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition
Summary IBM Sterling Connect:Direct File Agent uses IBM Runtime Environment Java Technology Edition, Version 7 and 8. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related ...
Security Bulletin: Vulnerability in commons-fileupload affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-24998]
Summary The commons-fileupload package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE, CVE-2023-24998. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2024) affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2024. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. QOS.ch Sarl Logback is vulnerable to a denial of service CVE-2023-6481, CVE-2023-6378. The Bouncy Castle Crypto Package For Java...
Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2019-14322, CVE-2019-14806]
Summary The Werkzeug package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2019-14322, CVE-2019-14806. Vulnerability Details CVEID:CVE-2019-14322 DESCRIPTION: Pallets Werkzeug could allow a remote attacker to traverse...
Security Bulletin: There are multiple vulnerabilities in IBM Semeru Runtime and IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway Desktop Edition.
Summary There are multiple vulnerabilities in IBM Semeru Runtime and IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway Desktop Edition. An update to CICS Transaction Gateway Desktop Edition has been released to address these vulnerabilities. Vulnerability Details...
Security Bulletin: There are multiple vulnerabilities in IBM Semeru Runtime and IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway for Multiplatforms.
Summary There are multiple vulnerabilities in IBM Semeru Runtime and IBM SDK, Java Technology Edition that is shipped with CICS Transaction Gateway for Multiplatforms. An update to CICS Transaction Gateway for Multiplatforms has been released to address these vulnerabilities. Vulnerability Detail...
Security Bulletin: Vulnerabilities in Python packages might affect IBM Storage Defender – Resiliency Service (CVE-2024-22195, CVE-2024-26130, CVE-2023-50782)
Summary IBM Storage Defender – Resiliency Service is vulnerable, which can result in denial of service attacks, cross-site scripting, execution of arbitrary code, gaining elevated privileges, low integrity and confidentiality impacts, and the ability to obtain sensitive information. The...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a machine-in-the-middle attack CVE-2023-48795
Summary OpenSSH is used by the IBM Datapower Operations Dashboard for general remote services. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-31419
Summary OpenSearch is used by the IBM Datapower Operations Dashboard in their monitoring and analytics infrastructure. Vulnerability Details CVEID:CVE-2023-31419 DESCRIPTION: Elasticsearch is vulnerable to a denial of service, caused by a stack-based buffer overflow in the search API. By sending ...
Security Bulletin: IBM Datapower Operations Dashboard could allow a local authenticated attacker to obtain sensitive information CVE-2023-0833
Summary Red Hat AMQ-Streams is used by the IBM Datapower Operations Dashboard implementation of Kubernetes operators. Vulnerability Details CVEID:CVE-2023-0833 DESCRIPTION: Red Hat AMQ-Streams could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in OKHttp...
Security Bulletin: Due to the use of OpenTelemetry gRPC, IBM CICS TX Standard is vulnerable to a Denial of Service vulnerability (CVE-2023-47108).
Summary There is a vulnerability in OpenTelemetry gRPC package which is shipped as part of IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2023-47108 DESCRIPTION: OpenTelemetry OpenTelemetry-Go Contrib is...
Security Bulletin: Vulnerability in Python-urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)
Summary Python-urllib3 is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2020-26137, CVE-2020-7212, CVE-2021-33503. Vulnerability Details CVEID:CVE-2020-26137 DESCRIPTION: urllib3 is vulnerable to CRLF injection. By inserting CR an...
Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2021-33503]
Summary The urllib3 package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2021-33503. Vulnerability Details CVEID:CVE-2021-33503 DESCRIPTION: urllib3 is vulnerable to a denial of service, caused by a regular expression denial ...
Security Bulletin: Security Vulnerabilities in JRE affect IBM Voice Gateway
Summary Security Vulnerabilities in JRE affect IBM Voice Gateway Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and high integrity impact. CVSS Bas...
Security Bulletin: Vulnerability in PyYAML affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2020-14343]
Summary The PyYAML package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2020-14343. Vulnerability Details CVEID:CVE-2020-14343 DESCRIPTION: YAML PyYAML could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: Vulnerability in Flask-Cors affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2020-25032]
Summary The Flask-Cors package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2020-25032. Vulnerability Details CVEID:CVE-2020-25032 DESCRIPTION: Flask-CORS could allow a remote attacker to traverse directories on the system. ...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI due to January 2024 CPU
Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer allocation in...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a local authenticated attacker (CVE-2023-5752)
Summary There is a vulnerability in Python Packaging Authority pip used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: Python Packaging Authority...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote authenticated attacker (CVE-2023-45143)
Summary There is a vulnerability in Node.js undici module used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-45143 DESCRIPTION: Node.js undici module could allow ...
Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a remote attacker (CVE-2023-26159)
Summary There is a vulnerability in follow-redirects used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote...
Security Bulletin: Vulnerabilities in IBM SDK, Java Technology affect Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software
Summary Vulnerabilities in IBM SDK, Java Technology affect Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software CVE-2023-33850, CVE-2023-22067 Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to...
Security Bulletin: There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with IBM CICS TX Advanced (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850).
Summary There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with IBM CICS TX Advanced CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. An update to IBM CICS TX Advanced has been released to addre...
Security Bulletin: There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with IBM CICS TX Standard (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850).
Summary There are multiple vulnerabilities in the IBM SDK, Java Technology Edition that is shipped with IBM CICS TX Standard CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850. An update to IBM CICS TX Standard has been released to addre...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle Jan 2024 Critical Patch Update. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality impact and...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to multiple vulnerabilities in IBM Java SDK
Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified...
Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Postgresql JDBC
Summary Vulnerabilities in Postgresql JDBC were remediated in IBM Observability with Instana build 267. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not limit access to created readabl...
Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2023-46218)
Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions CVE-2023-46218. AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details CVEID:CVE-2023-46218 DESCRIPTION:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
Security Bulletin: IBM SDK, Java Technology Edition, Security Update February 2024
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, 8 that is used by Rational Application Developer®. These issues were disclosed as part of the IBM Java SDK updates up to February 2024. IBM 8 SR8 FP20 1.8.0401. Vulnerability Details CVEID:CVE-2023-22067 DESCRIPTION:...