35129 matches found

IBM Security Bulletins
added 2024/03/05 9:14 a.m., 28 views

Security Bulletin: Cryptography-41.0.3 and cryptography-41.0.5 is vulnerable to CVE-2023-49083 used in IBM Maximo Application Suite - Edge Data Collector

Summary: IBM Maximo Application Suite - Edge Data Collector uses cryptography-41.0.3-cp37-abi3-manylinux_2_28_x86_64.whl and cryptography-41.0.5-cp37-abi3-manylinux_2_28_x86_64.whl, which are vulnerable to CVE-2023-49083. Vulnerability Details: CVEID: CVE-2023-49083 DESCRIPTION: Cryptography package for Python...

CVSS 7.5 | AI score 6.7 | EPSS 0.00985
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/03/05 9:13 a.m., 33 views

Security Bulletin: postcss-8.4.14.tgz is vulnerable to CVE-2023-44270 used in IBM Maximo Application Suite - Edge Data Collector

Summary: IBM Maximo Application Suite - Edge Data Collector uses postcss-8.4.14.tgz, which is vulnerable to CVE-2023-44270. Vulnerability Details: CVEID: CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...

CVSS 5.3 | AI score 5.5 | EPSS 0.00822
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/05 9:11 a.m., 31 views

Security Bulletin: openssl-src-111.26.0+1.1.1u.crate is vulnerable to CVE-2023-3817 used in IBM Maximo Application Suite - Edge Data Collector

Summary: IBM Maximo Application Suite - Edge Data Collector uses openssl-src-111.26.0+1.1.1u.crate, which is vulnerable to CVE-2023-3817. Vulnerability Details: CVEID: CVE-2023-3817 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check, DH_check_ex or...

CVSS 5.3 | AI score 5.7 | EPSS 0.02577
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/05 9:11 a.m., 22 views

Security Bulletin: Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl is vulnerable to CVE-2023-44271 used in IBM Maximo Application Suite - Edge Data Collector

Summary: IBM Maximo Application Suite - Edge Data Collector uses Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl, which is vulnerable to CVE-2023-44271. Vulnerability Details: CVEID: CVE-2023-44271 DESCRIPTION: Pillow is vulnerable to a denial of service, caused by a flaw with uncontrollably allocates...

CVSS 7.5 | AI score 7.4 | EPSS 0.01038
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/05 9:07 a.m., 33 views

Security Bulletin: follow-redirects-1.15.2.tgz and follow-redirects-1.15.3.tgz is vulnerable to CVE-2023-26159 used in IBM Maximo Application Suite - Edge Data Collector

Summary: IBM Maximo Application Suite - Edge Data Collector uses follow-redirects-1.15.2.tgz and follow-redirects-1.15.3.tgz, which are vulnerable to CVE-2023-26159. Vulnerability Details: CVEID: CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks,...

CVSS 7.3 | AI score 6.6 | EPSS 0.00797
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/03/05 9:06 a.m., 48 views

Security Bulletin: axios-1.5.0.tgz and axios-1.5.1.tgz is vulnerable to CVE-2023-45857 used in IBM Maximo Application Suite - Edge Data Collector

Summary: IBM Maximo Application Suite - Edge Data Collector uses axios-1.5.0.tgz and axios-1.5.1.tgz, which are vulnerable to CVE-2023-45857. Vulnerability Details: CVEID: CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input...

CVSS 6.5 | AI score 6.5 | EPSS 0.00556
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/03/05 8:50 a.m., 34 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities (CVE-2023-46589)

Summary: IBM Security SOAR uses an older version of Apache Tomcat that may be identified and exploited. An update has been released which addresses these issues. It is recommended to upgrade to Version 51.0.0.2 or later of IBM Security SOAR. Vulnerability Details: CVEID: CVE-2023-46589 DESCRIPTION:...

CVSS 7.5 | AI score 7.5 | EPSS 0.02651
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/04 8:10 p.m., 33 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for January 2023.

Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF001. Vulnerability Details: CVEID: CVE-2023-46673 DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by improper handling of exceptional conditions. By sending a specially...

CVSS 7.5 | AI score 7.1 | EPSS 0.00844
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/04 6:35 p.m., 68 views

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2023-50312)

Summary: IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections. Vulnerability Details: CVEID: CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections caus...

CVSS 6.5 | AI score 5.4 | EPSS 0.00592
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/04 5:22 p.m., 36 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to January 2024 CPU

Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in January 2024. These issues are also addressed by WebSphere Application Server shipped with WebSphere...

CVSS 7.5 | AI score 7.1 | EPSS 0.00911
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/04 4:17 p.m., 18 views

Security Bulletin: IBM InfoSphere Information Server is affected by a Sensitive data exposure vulnerability (CVE-2024-22352)

Summary: A sensitive data exposure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2024-22352 DESCRIPTION: IBM InfoSphere Information Server stores potentially sensitive information in log files that could be read by a local user. CVSS Base score:...

CVSS 6.5 | AI score 5.7 | EPSS 0.00495
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/04 10:53 a.m., 31 views

Security Bulletin: IBM Transformation Extender Advanced vulnerable to LDAP security bypass due to Apache Derby [CVE-2022-46337]

Summary: IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, includes and supports Apache Derby as a pre-production database for developers. LDAP for Apache Derby is not supported in production deployment of IBM Transformation Extender Advanced. This bulletin...

CVSS 9.8 | AI score 9.3 | EPSS 0.01418
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/04 7:24 a.m., 36 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses urllib3-1.26.16-py2.py3-none-any.whl which is vulnerable to CVE-2023-45803 This bulletin contains information regarding the vulnerability and its fixture.

Summary: IBM Maximo Application Suite - Predict Component: urllib3-1.26.16-py2.py3-none-any.whl is vulnerable to CVE-2023-45803. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2023-45803 DESCRIPTION: urllib3 could allow a remote...

CVSS 4.2 | AI score 6.2 | EPSS 0.00544
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/04 7:22 a.m., 68 views

Security Bulletin: urllib3-1.26.16-py2.py3-none-any.whl (Publicly disclosed vulnerability found by Mend) was vulnerable to this CVE-2023-43804

Summary: Security Bulletin: urllib3-1.26.16-py2.py3-none-any.whl (publicly disclosed vulnerability found by Mend) was vulnerable to CVE-2023-43804. This bulletin identifies the vulnerability and its solution. Vulnerability Details: CVEID: CVE-2023-43804 DESCRIPTION: urllib3 could allow a remot...

CVSS 8.1 | AI score 6.8 | EPSS 0.01207
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 11:28 p.m., 57 views

Security Bulletin: Vulnerability in Node.js affects Cloud Pak System [CVE-2023-42282]

Summary: Node.js IP package code execution vulnerability affects Cloud Pak System on Power (CVE-2023-42282). Vulnerability Details: CVEID: CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a server-side request forgery flaw ...

CVSS 9.8 | AI score 9.3 | EPSS 0.01613
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 7:39 p.m., 51 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2024.

Summary: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF030 and 23.0.2-IF002. Vulnerability Details: CVEID: CVE-2023-2976 DESCRIPTION: Google Guava could allow a local authenticated attacker to obtain sensitive information, caused by a flaw with...

CVSS 9.3 | AI score 9.8 | EPSS 0.99999
Exploits: 22 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 7:27 p.m., 59 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary: QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and the vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details:...

CVSS 9.8 | AI score 9.8 | EPSS 0.27392
Exploits: 9 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 7:27 p.m., 36 views

Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure and man in the middle attacks (CVE-2023-47742, CVE-2024-22355)

Summary: IBM QRadar Suite software is vulnerable to information exposure through password practices and to man-in-the-middle attacks, due to certificate validation issues. This has been updated in the latest release and the vulnerabilities have been addressed. Please follow the instructions in the...

CVSS 5.9 | AI score 6 | EPSS 0.0041
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 7:23 p.m., 47 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow

Summary: IBM Business Automation Workflow Configuration Editor packages a Node.js runtime. Vulnerabilities have been reported for Node.js. Vulnerability Details: CVEID: CVE-2024-21892 DESCRIPTION: Node.js could allow a local authenticated attacker to gain elevated privileges on the system, caused by...

CVSS 9.8 | AI score 8.3 | EPSS 0.04459
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 7:11 p.m., 38 views

Security Bulletin: Apache Derby vulnerability addressed in IBM Business Automation Workflow on containers [CVE-2022-46337]

Summary: IBM Business Automation Workflow on containers addressed CVE-2022-46337. A copy of Derby is included in the container images, but it is never used in a supported scenario. Even in unsupported scenarios, there is no way of letting Derby interact with LDAP. Vulnerability Details: CVEID: CVE-2022-46337...

CVSS 9.8 | AI score 9.3 | EPSS 0.01418
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 6:03 p.m., 87 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details:...

CVSS 9.8 | AI score 9.6 | EPSS 0.87816
Exploits: 17 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 5:42 p.m., 44 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data has migrated to a new base image for the Operators used by our Speech Services. The following vulnerabilities...

CVSS 9.1 | AI score 9.5 | EPSS 0.02678
Exploits: 2 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 4:28 p.m., 33 views

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty may affect IBM Business Automation Workflow (CVE-2023-44487)

Summary: WebSphere Liberty is shipped with IBM Business Automation Workflow traditional to support Process Federation Server and User Management Services. WebSphere Liberty is also the application server for IBM Business Automation Workflow on Containers. A denial of service vulnerability has been...

CVSS 7.5 | AI score 7.8 | EPSS 0.99999
Exploits: 19 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 4:28 p.m., 27 views

Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - Oct 2023 CPU

Summary: IBM Business Automation Workflow containers package IBM® Java SDK 8 V21.0.3 or IBM® Semeru Runtime 11 V23.0.1, IBM® Semeru Runtime 17 V23.0.2. Information about security vulnerabilities in these Java runtimes has been published. Vulnerability Details: CVEID: CVE-2023-22081 DESCRIPTION: An...

CVSS 5.9 | AI score 6.4 | EPSS 0.01412
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 4:24 p.m., 53 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow Event Emitters - CVE-2023-51074

Summary: IBM Business Automation Workflow Event Emitters are vulnerable to a Denial of Service attack. Vulnerability Details: CVEID: CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a speciall...

CVSS 5.3 | AI score 5.8 | EPSS 0.0067
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 4:21 p.m., 27 views

Security Bulletin: Information disclosure vulnerability in IBM WebSphere Application Server Liberty affect IBM Business Automation Workflow - CVE-2023-44483

Summary: IBM WebSphere Application Server Liberty is shipped as a component of IBM Business Automation Workflow for User Management Services and Process Federation Server. IBM WebSphere Application Server Liberty is also the basis for containerized IBM Business Automation Workflow. A security...

CVSS 6.5 | AI score 6.6 | EPSS 0.01212
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 4:12 p.m., 168 views

Security Bulletin: nginx is vulnerable to CVE-2021-23017 used in IBM Maximo Application Suite - Edge Data Collector Component

Summary: IBM Maximo Application Suite - Edge Data Collector Component uses nginx, which is vulnerable to CVE-2021-23017. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2021-23017 DESCRIPTION: NGINX could allow a remote attacker to execute...

CVSS 7.7 | AI score 7.1 | EPSS 0.52838
Exploits: 10 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 3:22 p.m., 62 views

Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service attacks due to multiple vulnerabilities.

Summary: IBM i Domain Name System (DNS) uses ISC BIND. ISC BIND on IBM i is vulnerable to denial of service attacks due to errors exploitable by a remote attacker, as described in the vulnerability details section: CVE-2023-4408, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516, CVE-2023-50868. This bulletin...

CVSS 7.5 | AI score 7.8 | EPSS 0.82829
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 10:33 a.m., 33 views

Security Bulletin: Control Access issues in PCOMM

Summary: There is a vulnerability in IBM Personal Communications (PCOMM). Personal Communications has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-37410 DESCRIPTION: IBM Personal Communications could allow a local user to escalate their privileges to the SYSTEM user due to overly...

CVSS 8.4 | AI score 7.8 | EPSS 0.00186
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 10:15 a.m., 34 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a runc security vulnerability (CVE-2024-21626)

Summary: Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the runc component, where an attacker could gain unauthorized access to the host filesystem (CVE-2024-21626). Vulnerability Details: CVEID: CVE-2024-21626 Description: Open Container Initiative runc could allow a...

CVSS 8.6 | AI score 9 | EPSS 0.16775
Exploits: 18 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 6:47 a.m., 59 views

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.

Summary: libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. CVE-2023-28322, CVE-2023-28320, CVE-2023-28321. Vulnerability Details: CVEID: CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caus...

CVSS 5.9 | AI score 7.1 | EPSS 0.02658
Exploits: 3 | Affected software: 1
IBM Security Bulletins
added 2024/03/01 5:14 a.m., 62 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from go-git, Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb, SQLite3 packages and cryptographic algorithms

Summary: go-git, Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb and SQLite3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details: CVEID: CVE-2023-47745 DESCRIPTIO...

CVSS 7.8 | AI score 9.4 | EPSS 0.016
Exploits: 3 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 9:59 p.m., 66 views

Security Bulletin: IBM MQ is vulnerable to denial of service (CVE-2024-25016)

Summary: IBM MQ has addressed a denial of service vulnerability due to incorrect buffering logic. Vulnerability Details: CVEID: CVE-2024-25016 DESCRIPTION: IBM MQ and IBM MQ Appliance could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. CVSS Ba...

CVSS 7.5 | AI score 7.3 | EPSS 0.00849
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 9:58 p.m., 22 views

Security Bulletin: IBM MQ is vulnerable to an issue in libqb (CVE-2023-39976)

Summary: IBM MQ has addressed a vulnerability in libqb, which is only applicable when the RDQM package is installed and configured as part of an HA group on RHEL 9. Vulnerability Details: CVEID: CVE-2023-39976 DESCRIPTION: ClusterLabs libqb is vulnerable to a buffer overflow, caused by improper boun...

CVSS 9.8 | AI score 9.8 | EPSS 0.00984
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 9:58 p.m., 52 views

Security Bulletin: IBM MQ is vulnerable to issues in Eclipse (CVE-2023-4218, CVE-2023-44487)

Summary: IBM MQ has addressed vulnerabilities in Eclipse, which is used in IBM MQ Explorer. Vulnerability Details: CVEID: CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE)...

CVSS 7.5 | AI score 8 | EPSS 0.99999
Exploits: 20 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 8:37 p.m., 42 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a machine-in-the-middle attack in OpenSSH [CVE-2023-48795]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a machine-in-the-middle attack in OpenSSH, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions (CVE-2023-48795). OpenSSH is included as ...

CVSS 5.9 | AI score 6.3 | EPSS 0.93305
Exploits: 4 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 8:35 p.m., 13 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in go-jose [GHSA-2c7c-3mj9-8fqh] (IBM X-Force ID: 273242)

Summary: Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in go-jose, caused by a "billion hashes attack" when decrypting JWE inputs (GHSA-2c7c-3mj9-8fqh, IBM X-Force ID: 273242). Go-jose is included as a component of operators us...

AI score 6.8
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 8:35 p.m., 31 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3 [CVE-2019-11236]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3, caused by improper validation of user-supplied input by the request parameter (CVE-2019-11236). Python urllib3 is included as a component of our Speech runtimes. This...

CVSS 6.1 | AI score 6.9 | EPSS 0.02056
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 8:22 p.m., 27 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, could provide weaker than expected security (CVE-2023-50312)

Summary: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, could provide weaker than expected security for outbound TLS connections. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...

CVSS 6.5 | AI score 5.5 | EPSS 0.00592
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 8:18 p.m., 18 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security (CVE-2023-50312)

Summary: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, could provide weaker than expected security for outbound TLS connections. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...

CVSS 6.5 | AI score 5.5 | EPSS 0.00592
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 8:16 p.m., 33 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3 [CVE-2020-26137]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to CRLF injection in Python urllib3, by an attacker's ability to insert CR and LF control characters in the first argument of putrequest (CVE-2020-26137). Python urllib3 is included as a component of our Speech...

CVSS 6.5 | AI score 6.8 | EPSS 0.02199
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 8:15 p.m., 41 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Rsync [CVE-2022-29154]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Rsync, caused by improper validation of file names (CVE-2022-29154). Rsync is used as a component of our Speech runtimes. This vulnerability has been addressed. Please read th...

CVSS 7.4 | AI score 7.4 | EPSS 0.0165
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 8:14 p.m., 24 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a man-in-the-middle attack in CPAN.pm [CVE-2023-31484]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a man-in-the-middle attack in CPAN.pm, caused by improper validation of TLS certificates when downloading distributions over HTTPS (CVE-2023-31484). CPAN.pm is used as a component of our Speech runtimes. This...

CVSS 8.1 | AI score 7.6 | EPSS 0.01561
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 8:13 p.m., 26 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Perl HTTP [CVE-2023-31486]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in the Perl HTTP::Tiny module, caused by the failure to verify TLS certificates by default and requiring users to opt in to verify certificates (CVE-2023-31486). Perl HTTP is used as a component ...

CVSS 8.1 | AI score 7.8 | EPSS 0.01727
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 4:57 p.m., 58 views

Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2023-47745)

Summary: IBM MQ has addressed a password disclosure vulnerability in the IBM MQ Console. Vulnerability Details: CVEID: CVE-2023-47745 DESCRIPTION: IBM MQ stores or transmits user credentials in plain clear text which can be read by a local user using a trace command. CVSS Base score: 6.2 CVSS Tempor...

CVSS 6.2 | AI score 6.2 | EPSS 0.00116
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 4:07 p.m., 35 views

Security Bulletin: This Power System update is being released to address CVE-2021-3505

Summary: A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with 1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate, which is called before the prime number check...

CVSS 5.5 | AI score 5.2 | EPSS 0.00404
Exploits: 1 | Affected software: 3
IBM Security Bulletins
added 2024/02/29 4:06 p.m., 40 views

Security Bulletin: There are multiple vulnerabilities in IBM Semeru Runtime that is shipped with CICS Transaction Gateway for Multiplatforms.

Summary: There are multiple vulnerabilities in IBM Semeru Runtime that is shipped with CICS Transaction Gateway for Multiplatforms. An update to CICS Transaction Gateway for Multiplatforms has been released to address these vulnerabilities. Vulnerability Details: CVEID: CVE-2023-21930 DESCRIPTION: A...

CVSS 9.1 | AI score 9.7 | EPSS 0.02495
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 4:00 p.m., 35 views

Security Bulletin: There are multiple vulnerabilities in IBM Semeru Runtime that is shipped with CICS Transaction Gateway Desktop Edition.

Summary: There are multiple vulnerabilities in IBM Semeru Runtime that is shipped with CICS Transaction Gateway Desktop Edition. An update to CICS Transaction Gateway Desktop Edition has been released to address these vulnerabilities. Vulnerability Details: CVEID: CVE-2023-21930 DESCRIPTION: An...

CVSS 9.1 | AI score 9.7 | EPSS 0.02495
Exploits: 1 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 1:50 p.m., 12 views

Security Bulletin: There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application (PSIRT-ADV0103951)

Summary: There is a vulnerability in Java on z/OS used by IBM Maximo Asset Management application. Vulnerability Details: IBM X-Force ID: PSIRT-ADV0103951 DESCRIPTION: Created from Advisory: ADV0103951 CVSS Base score: 8.1 CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products a...

AI score 6.4
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2024/02/29 1:40 p.m., 42 views

Security Bulletin: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-34462 and CVE-2023-44487)

Summary: There is a vulnerability in Asset Data Dictionary used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2023-34462 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw with allocating up to 16MB of heap for each channel...

CVSS 7.5 | AI score 7.9 | EPSS 0.99999
Exploits: 20 | Affected software: 1
Total number of security vulnerabilities: 35129