Lucene search
K

35744 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/05/13 7:33 a.m.28 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Te...

4.3CVSS5.5AI score0.00302EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/13 7:21 a.m.17 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service due to jose4j (CVE-2023-51775)

Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and used by the IBM WebSphere Application Server Liberty. The following IBM® Engineering Lifecycle Engineering products are exposed to this attack and are been addressed in this bulletin: I...

6.5CVSS6.6AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/13 5:27 a.m.31 views

Security Bulletin: WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service. (CVE-2024-25026)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to t...

7.5CVSS6.1AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:57 p.m.45 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, authentication bypass, and incorrect privilege assignment due to Golang vulnerabilities.

Summary IBM Storage Fusion HCI uses Golang packages that may cause Fusion to be vulnerable to denial of service, authentication bypass, and incorrect privilege assignment. CVE-2018-20699, CVE-2023-48795, CVE-2022-21698, CVE-2021-41190, CVE-2023-39325, CVE-2022-29526, CVE-2023-45288. Vulnerability...

7.5CVSS8.2AI score0.93305EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:57 p.m.21 views

Security Bulletin: IBM Storage Fusion is vulnerable to directory traversal due to beego.

Summary Beego is used by IBM Storage Fusion as part of the User Interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details CVEID:CVE-2022-31836 DESCRIPTION: Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in the...

9.8CVSS9.3AI score0.21573EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:57 p.m.39 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to directory traversal due to Beego.

Summary Beego is used by IBM Storage Fusion HCI as part of the user interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details CVEID:CVE-2022-31836 DESCRIPTION: Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in th...

9.8CVSS9.3AI score0.21573EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:56 p.m.62 views

Security Bulletin: IBM Storage Fusion is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.

Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-1135, CVE-2024-26130, CVE-2024-23829, CVE-2024-2334, CVE-2023-49081, CVE-2023-49082. Vulnerability Details CVEID:CVE-2024-11...

7.5CVSS7.6AI score0.76875EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:56 p.m.41 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.

Summary aiohttp, cryptography and Gunicorn are used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-23829, CVE-2024-23334, CVE-2024-1135, CVE-2024-26130. Vulnerability Details CVEID:CVE-2024-23829 DESCRIPTION: aio-libs...

7.5CVSS7.5AI score0.76875EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:55 p.m.54 views

Security Bulletin: IBM Storage Fusion is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java is used by IBM Storage Fusion as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerab...

8.1CVSS7AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:55 p.m.22 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service due to Apache Commons Compress and ion-java.

Summary commons-compress and ion-java is used by IBM Storage Fusion HCI as part of the Backup and Restore service and may be vulnerable to the CVEs listed below. CVE-2024-26308, CVE-2024-25710, CVE-2024-21634. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is...

8.1CVSS7AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:55 p.m.24 views

Security Bulletin: IBM Storage Fusion is vulnerable to phishing attacks due to follow-redirects package.

Summary follow-redirects is used by IBM Storage Fusion as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open...

7.3CVSS6.5AI score0.00797EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:54 p.m.33 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to phishing attacks and cross-site request forgery due to follow-redirects and Axios.

Summary follow-redirects and Axios are used by IBM Storage Fusion HCI as part of the Installer and may be vulnerable to the CVE listed below. CVE-2023-26159, CVE-2023-45857. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing...

7.3CVSS6.8AI score0.00797EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:54 p.m.34 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to denial of service, cross-site scripting, and obtaining sensitive information due to Pypa, Pallets Jinja, requests, and urllib3.

Summary Python packages Pypa, Pallet Jinja, requests, and urllib3 are used by IBM Storage Fusion HCI as part of the installer and may be vulnerable to the CVEs listed below. CVE-2022-40897, CVE-2024-22195, CVE-2023-32681, CVE-2023-43804. Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pyp...

8.1CVSS7.1AI score0.02974EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:54 p.m.31 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to elevated privileges due to OpenShift.

Summary OpenShift included with IBM Storage Fusion HCI is affected by the CVE listed below. CVE-2023-5408. Vulnerability Details CVEID:CVE-2023-5408 DESCRIPTION: OpenShift Kubernetes could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the node...

7.2CVSS7AI score0.01112EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:53 p.m.39 views

Security Bulletin: IBM Storage Fusion is vulnerable to denial of service due to Golang Go's net/http and x/net/http2.

Summary Golang Go's net/http and x/net/http2 packages are used by IBM Storage Fusion as part of the its user interface and may be affacted by the CVE listed below. CVE-2023-45288. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a...

7.5CVSS7.7AI score0.91969EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/11 4:52 p.m.28 views

Security Bulletin: IBM Storage Fusion HCI is vulnerable to unauthorized access due to a flaw in Ceph RGW.

Summary Ceph is used by IBM Storage Fusion HCI if IBM Storage Fusion HCI is configured with the Data Foundation service. CVE-2023-43040. Vulnerability Details CVEID:CVE-2023-43040 DESCRIPTION: IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized actions in RGW for Ceph due to...

9.8CVSS6.3AI score0.02539EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 6:32 p.m.23 views

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...

7.5CVSS7AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 4:9 p.m.18 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a remote attack due to Apache Commons Net (CVE-2032-37533)

Summary The IBM Integration Bus for z/OS toolkit is vulnerable to a remote attack due to Apache Commons Net. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain...

6.5CVSS6.4AI score0.01858EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 4:0 p.m.31 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to an HTML injection attack (CVE-2024-28761)

Summary IBM App Connect Enterprise Admin API and Dashboard are vulnerable to an HTML injection attack. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-28761 DESCRIPTION: IBM App Connect Enterprise is vulnerable to HTML injection. A...

5.4CVSS5.7AI score0.0033EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 3:57 p.m.54 views

Security Bulletin: The IBM QRadar SIEM Amazon Web Services protocol is vulnerable to a denial of service (CVE-2021-22569 ,CVE-2022-3171, CVE-2022-3509)

Summary A flaw was found in protobuf-java. Google Protocol Buffer protobuf-java which allows the interleaving of com.google.protobuf.UnknownFieldSet fields. Vulnerability Details CVEID:CVE-2021-22569 DESCRIPTION: Google Protocol Buffer protobuf-java is vulnerable to a denial of service, caused by...

7.5CVSS6.4AI score0.01655EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 3:50 p.m.31 views

Security Bulletin: The IBM QRadar SIEM RabbitMQ protocol is vulnerable to a denial of service (CVE-2023-46120)

Summary The RabbitMQ Java Client is vulnerable to a denial of service, caused by no message size limit in maxBodyLength. Vulnerability Details CVEID:CVE-2023-46120 DESCRIPTION: RabbitMQ Java Client is vulnerable to a denial of service, caused by no message size limit in maxBodyLebgth. By sending ...

7.5CVSS6.1AI score0.01061EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 3:49 p.m.25 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service (CVE-2024-28760)

Summary IBM App Connect Enterprise Dashboard is vulnerable to a denial of service due to improper restrictions of resource allocation. This bulletin identifies the steps to take to address the vulnerability Vulnerability Details CVEID:CVE-2024-28760 DESCRIPTION: IBM App Connect Enterprise dashboa...

4.3CVSS4.4AI score0.00457EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 3:38 p.m.82 views

Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to gain...

9.8CVSS10AI score0.02919EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 3:33 p.m.40 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attack due to the node.js module follow-redirects and Express.js (CVE-2024-28849, CVE-2024-29041)

Summary IBM App Connect Enterprise is vulnerable to a remote attack due to node.js module follow-redirects and Express.js. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow...

6.5CVSS6.7AI score0.01044EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 3:4 p.m.34 views

Security Bulletin: IBM Security Guardium is affected by an IBM SDK, Java Technology Edition Quarterly CPU - Oct 2023 vulnerability (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, no integrity impact, and...

5.9CVSS6.2AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 2:52 p.m.51 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js.

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-21892 DESCRIPTION: Node.js could allow a local authenticated attacker to gain elevated...

7.8CVSS7.8AI score0.03168EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 11:38 a.m.39 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a denial of service (CVE-2024-25026)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is vulnerable to a denial of service. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Jazz for...

7.5CVSS6.1AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 8:17 a.m.43 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor repackages a vulnerable version of Node.js and express. Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By...

8.2CVSS7.9AI score0.87211EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 4:8 a.m.31 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20932 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...

7.5CVSS6.5AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 4:7 a.m.24 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker ...

7.8CVSS6.5AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 4:5 a.m.42 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the JSS...

9.1CVSS8.8AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 4:3 a.m.31 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request...

6.5CVSS6.9AI score0.01594EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 4:0 a.m.46 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow and buffer...

7.5CVSS8AI score0.99999EPSS
Exploits26Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 3:58 a.m.31 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...

7.5CVSS6.5AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 8:5 p.m.23 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to a Cross-Site Scripting vulnerability (CVE-2024-28781)

Summary IBM UrbanCode Deploy UCD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details...

5.4CVSS5.3AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 7:33 p.m.72 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2024 Critical Patch Update, plus CVE-2023-38264. For more information please refer to Oracle's April 2024 CPU Advisory and the X-Force database entries referenc...

5.9CVSS4.8AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 12:34 p.m.25 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to C-ares (CVE-2024-25629)

Summary The OpenTelemetry tracing in IBM App Connect Enterprise is vulnerable to a denial of service due to C-ares. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-25629 DESCRIPTION: C-ares is vulnerable to a denial of service, caused ...

5.5CVSS5.3AI score0.00349EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 10:18 a.m.34 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS6.7AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 9:47 a.m.38 views

Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM CICS TX Advanced is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM CICS TX Advanced. The version of IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced has been updated to address the applicable issues. Vulnerability...

7CVSS7.5AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 9:40 a.m.33 views

Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM CICS TX Standard is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM CICS TX Standard. The version of IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard has been updated to address the applicable issues. Vulnerability...

7CVSS7.5AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 9:22 a.m.29 views

Security Bulletin: Due to the use of IBM Websphere Application Server Liberty, IBM TXSeries for Multiplatforms is vulnerable to Denial of Service, Weaker than exected security, Cross-site scripting and Server-side request forgery (SSRF).

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM TXSeries for Multiplatforms. The version of IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable...

7CVSS7.5AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 9:10 a.m.33 views

Security Bulletin: IBM TXSeries for Multiplatforms is vulnerable to multiple security vulnerabilities in the Administration Console shipped with the product (CVE-2024-22344, CVE-2024-22345 and CVE-2024-22343).

Summary There are vulnerabilities in the Administration console shipped with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has been updated to address the applicable issues. Vulnerability Details CVEID:CVE-2024-22343 DESCRIPTION: IBM TXSeries for Multiplatforms allows web pages...

7.5CVSS5.7AI score0.00521EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 7:13 a.m.42 views

Security Bulletin: IBM Automation Decision Services - April 2024 -Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2024-31906 DESCRIPTION: IBM Automation Decision...

8.2CVSS8.1AI score0.19442EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 3:58 a.m.13 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...

7.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 3:55 a.m.10 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin...

7.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 3:54 a.m.30 views

Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to a denial of service (CVE-2024-25026)

Summary IBM WebSphere Application Server, which is shipped with IBM Security Access Manager for Enterprise Single Sign-On, is vulnerable to a denial of service. Apply updates as referenced in the Remediation/Fixes section below. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS6.1AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/09 3:54 a.m.16 views

Security Bulletin: Vulnerability in IBM® Java SDK affects WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2022-40609)

Summary IBM WebSphere Application Server is shipped with IBM Security Access Manager for Enterprise Single Sign-On. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. See the bulletins listed in the Remediation/Fixes...

9.8CVSS8.7AI score0.01827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/08 8:47 p.m.23 views

Security Bulletin: TPF Toolkit is affected by vulnerabilities in the Eclipse IDE and Apache Commons Compress

Summary The org.eclipse.core.runtime component is used by TPF Toolkit as part of the basic platform infrastructure CVE-2023-4218. Additionally, the Apache commons-compress package is used by TPF Toolkit web applications services as part of the code coverage feature CVE-2024-26308, CVE-2024-25710...

8.1CVSS7.1AI score0.00898EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/08 7:24 p.m.33 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Orac...

7.5CVSS7.1AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/08 7:6 p.m.22 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20926)

Summary Potential unspecified vulnerability in Java SE related to the VM component CVE-2024-20926 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

5.9CVSS6.5AI score0.01026EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35744