Lucene search
K

35744 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 7:5 p.m.•34 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20918)

Summary Potential unspecified vulnerability in Java SE related to the VM component CVE-2024-20918 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

7.4CVSS7.1AI score0.00911EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 7:5 p.m.•29 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20921)

Summary Potential unspecified vulnerability in Java SE related to the VM component CVE-2024-20921 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

5.9CVSS6.4AI score0.00857EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 7:5 p.m.•23 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20919)

Summary Potential unspecified vulnerability in Java SE related to the VM component CVE-2024-20919 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

5.9CVSS6.3AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 5:21 p.m.•32 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM MQ shipped with IBM WebSphere Remote Server

Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2023-26159, CVE-2024-25015, CVE-2024-25048, CVE-2024-20952, CVE-2023-33850, CVE-2023-6237, CVE-2024-0727 Vulnerability Details Ref...

7.5CVSS7.7AI score0.03174EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 2:34 p.m.•24 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to unspecified vulnerability in Java SE ( CVE-2024-20932)

Summary Potential unspecified vulnerability in Java SE related to the Security component CVE-2024-20932 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details...

7.5CVSS7.1AI score0.00775EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 9:39 a.m.•45 views

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 271 Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an incorrect cipher key and IV length processing during the...

7.5CVSS7.5AI score0.03332EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 7:15 a.m.•40 views

Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale

Summary There are multiple vulnerabilities in moment.js, used by IBM Storage Scale HDFS transparency, which can cause a denial of service or allow a remote attacker to traverse directories on the system. CVE-2017-18214, CVE-2022-24785, CVE-2016-4055, CVE-2022-31129. Vulnerability Details...

7.8CVSS7.8AI score0.09905EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 7:9 a.m.•49 views

Security Bulletin: Multiple vulnerabilities in jquery affect IBM Storage Scale

Summary There are multiple vulnerabilities in jquery, used by IBM Storage Scale HDFS transparency, which could allow cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

6.1CVSS6.8AI score0.29726EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 6:45 a.m.•28 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Xerces2

Summary Multiple vulnerabilities have been identified in Apache Xerces2, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2022-23437 DESCRIPTION: Apache Xerces2...

7.8CVSS7.7AI score0.24738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 6:3 a.m.•20 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-27268)

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this risk, it has been address...

7.5CVSS6.1AI score0.01278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 6:2 a.m.•28 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-22353)

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...

7.5CVSS6.4AI score0.00818EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/08 4:16 a.m.•44 views

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Host On-Demand

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by Host On-Demand. Host On-Demand has addressed the applicable CVE. This issue was disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU...

5.9CVSS5.9AI score0.00406EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 8:54 p.m.•22 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-50313)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

6.5CVSS5.8AI score0.00177EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 8:44 p.m.•24 views

Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-23635)

Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-23635 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...

6.1CVSS6.4AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 8:43 p.m.•24 views

Security Bulletin: There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management (CVE-2024-23635)

Summary There is a vulnerability in AntiSamy 1.7.4 used by IBM Maximo Asset Management . Vulnerability Details CVEID:CVE-2024-23635 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability...

6.1CVSS6.4AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 8:26 p.m.•36 views

Security Bulletin: There is a vulnerability in ion-java used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-21634)

Summary There is a vulnerability in ion-java used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-21634 DESCRIPTION: Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for applications. By sending a...

7.5CVSS7.5AI score0.0082EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 8:3 p.m.•46 views

Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-28849, CVE-2024-29041, CVE-2024-29180)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js...

7.5CVSS7.1AI score0.01209EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 7:59 p.m.•63 views

Security Bulletin: Common Vulnerabilities in Cloudera Data Platform Private Cloud Base 7.1.9.

Summary Common vulnerabilities reported in Cloudera Data Platform Private Cloud Base 7.1.9 have been addressed, and are available in Hotfix 2. Vulnerability Details CVEID:CVE-2015-1772 DESCRIPTION: Apache Hive could allow a remote attacker to bypass security restrictions, caused by an error in th...

9CVSS9.9AI score0.53861EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 7:56 p.m.•23 views

Security Bulletin: Common vulnerability in Cloudera Data Platform Private Cloud Base 7.1.9 fixed in Hot Fix 1

Summary Fix to common vulnerability, CVE-2021-43045, discovered in Cloudera Data Platform 7.1.9 is available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-43045 DESCRIPTION: Apache Avro is vulnerable to a denial of service, caused by a flaw in the .NET SDK. By sending a...

7.5CVSS7.4AI score0.0296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 7:54 p.m.•58 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...

7.3CVSS7.4AI score0.7795EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 7:52 p.m.•40 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2023-41080 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...

8.8CVSS9.4AI score0.7848EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 7:21 p.m.•56 views

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

9.8CVSS10AI score0.9077EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 5:5 p.m.•42 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

9.8CVSS9.2AI score0.0982EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 4:15 p.m.•27 views

Security Bulletin: IBM Financial Transaction Manager is vulnerable to an XML External Entity Injection (XXE) attack

Summary IBM Financial Transaction Manager for ACH and Check Service v3.0.5.4 and v3.0.5.5 has addressed an XML External Entity Injection vulnerability. Vulnerability Details CVEID:CVE-2023-35892 DESCRIPTION: IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML Extern...

9.1CVSS8.1AI score0.00816EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/07 10:7 a.m.•32 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to privilege escalation due to Spring-Web (CVE-2023-44794)

Summary IBM Sterling Connect:Direct Web Services uses Spring-Web. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-44794 DESCRIPTION: Dromara SaToken and SpringBoot could allow a remote authenticated attacker to gain elevated privileg...

9.8CVSS9.7AI score0.00964EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/06 10:5 p.m.•31 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities due to the use of IBM Db2

Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692...

8.4CVSS8.2AI score0.01513EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/06 7:8 p.m.•39 views

Security Bulletin: AIX is vulnerable to privilege escalation (CVE-2024-27273)

Summary Vulnerability in the AIX kernel may lead to privilege escalation CVE-2024-27273. Vulnerability Details CVEID:CVE-2024-27273 DESCRIPTION: IBM AIX's Unix domain datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SOPEERID operation an...

8.1CVSS8.2AI score0.00146EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/06 4:53 p.m.•49 views

Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses VMWare Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...

9.8CVSS8.8AI score0.32257EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/06 4:52 p.m.•45 views

Security Bulletin:Tensorflow, which is vulnerable to multiple security CVEs, is used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-25658 DESCRIPTION: TensorFlow is vulnerable to a denial of servic...

9.8CVSS8.5AI score0.00831EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/06 4:34 p.m.•21 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-25026)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

7.5CVSS6.3AI score0.00792EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/06 10:34 a.m.•32 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Pillow arbitrary code execution vulnerabilitiy.

Summary Potential Pillow arbitrary code execution vulnerabilitity have been identified that could affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-50447 DESCRIPTION:...

8.1CVSS9.3AI score0.01703EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/06 10:30 a.m.•22 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to ETCD logs Information disclosure vulnerabilitiy.(CVE-2023-40694)

Summary Potential ETCD logs Information disclosure vulnerabilitiy CVE-2023-40694 has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-40694 DESCRIPTION: IBM Watson...

6.2CVSS6AI score0.00168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/06 4:19 a.m.•56 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to security bypass due to PostgreSQL (CVE-2024-0985)

Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-0985 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when...

8CVSS8.3AI score0.01465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/06 4:17 a.m.•21 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to security bypass due to PostgreSQL (CVE-2024-0985)

Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-0985 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when...

8CVSS8.3AI score0.01465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/06 4:15 a.m.•40 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to a denial of service due to PostgreSQL (CVE-2023-5870)

Summary IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-5870 DESCRIPTION: PostgreSQL is vulnerable to a denial of service, caused by a flaw in the pgsignalbackend role. By sending a...

4.4CVSS6.5AI score0.02555EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/03 7:55 p.m.•35 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2024-28102 DESCRIPTION: JWCrypto is vulnerable to a...

9.8CVSS8.2AI score0.04488EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/03 6:31 p.m.•37 views

Security Bulletin: IBM Aspera Orchestrator affected by cryptographic and cross-site scripting vulnerabilities (CVE-2023-27283, CVE-2023-27280, CVE-2023-27281)

Summary IBM Aspera Orchestrator has addressed multiple vulnerabilities related to cryptographic algoritms and cross-site scripting that could allow sensitive information disclosure. Vulnerability Details CVEID:CVE-2023-27283 DESCRIPTION: IBM Aspera Orchestrator is vulnerable to stored cross-site...

5.3CVSS5.7AI score0.00471EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/03 3:22 p.m.•31 views

Security Bulletin: IBM Aspera Orchestrator affected by usage of vulnerable software (CVE-2020-27511, CVE-2022-31160, CVE-2021-41184, CVE-2021-41182, CVE-2021-41183, CVE-2018-20677, CVE-2018-20676, CVE-2018-14040, CVE-2016-10735, CVE-2019-8331)

Summary IBM Aspera Orchestrator has addressed multiple vulnerabilities related to the use of vulnerable software jQuery and Bootstrap that could allow denial of service and cross-site scripting attacks. Vulnerability Details CVEID:CVE-2020-27511 DESCRIPTION: Prototype is vulnerable to a denial of...

7.5CVSS7.3AI score0.44515EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/03 1:22 p.m.•37 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-471...

8.4CVSS9.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/03 11:2 a.m.•49 views

Security Bulletin: Due to use of Apache Struts, Netcool Operation Insight is vulnerable to arbitrary code execution.

Summary Apache Struts is used by Netcool Operations Insight as part of internal services CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary...

9.8CVSS9.8AI score0.80819EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/03 10:32 a.m.•45 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

8.7CVSS9.5AI score0.02996EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/03 9:26 a.m.•38 views

Security Bulletin: Vulnerability in node.js package affects IBM Storage Scale GUI (CVE-2023-42282)

Summary There is a vulnerability in node.js package, used by IBM Storage Scale GUI. Fix for this issue is available in all versions. Vulnerability Details CVEID:CVE-2023-42282 DESCRIPTION: Node.js IP package could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS9.2AI score0.01613EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/03 9:17 a.m.•27 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Storage Scale packaged in IBM Storage Scale System

Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System GUI, which could allow a remote attacker to cause a denial of service. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSS...

5.9CVSS6.3AI score0.014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/03 9:4 a.m.•54 views

Security Bulletin: Multiple Linux Kernel vulnerabilities affects IBM Storage Scale System.

Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a denial of service. Fixes for these vulnerabilities are available. CVE-2023-5178, CVE-2023-3609, CVE-2023-45871, CVE-2023-4732, CVE-2023-1192. Vulnerability Details...

8.8CVSS9.1AI score0.09141EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/03 7:20 a.m.•46 views

Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2021-37533

Summary IBM WebSphere Adapter for FTP is shipped with IBM Business Automation Workflow bundles a vulnerable copy of Apache commons-net. Vulnerability Details CVEID:CVE-2021-37533 DESCRIPTION: Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an issue with...

6.5CVSS6.4AI score0.01858EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 11:59 p.m.•28 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Commons Compress [CVE-2024-26308]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Apache Commons Compress, caused by an out of memory error CVE-2024-26308. Apache Commons Compress is used as part of our Speech runtimes. This vulnerabilitiy has been addressed. Please...

5.5CVSS6.4AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 9:30 p.m.•41 views

Security Bulletin: IBM Aspera Orchestrator affected by a command injection vulnerability (CVE-2023-37407)

Summary IBM Aspera Orchestrator has addressed a vulnerability that could allow execution of arbitrary code CVE-2023-37407. Vulnerability Details CVEID:CVE-2023-37407 DESCRIPTION: IBM Aspera Orchestrator could allow a remote authenticated attacker to execute arbitrary commands on the system by...

8.8CVSS8.9AI score0.00909EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 7:25 p.m.•86 views

Security Bulletin: Apache Tomcat is vulnerable to CVE-2024-24549 and CVE-2024-23672 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Apache Tomcat which is vulnerable to CVE-2024-24549 and CVE-2024-23672. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-24549 DESCRIPTION: Apache Tomcat is vulnerable to a...

7.5CVSS7.1AI score0.23072EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 7:25 p.m.•37 views

Security Bulletin: Apache Commons Compress is vulnerable to CVE-2024-26308 and CVE-2024-25710 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Apache Commons Compress which is vulnerable to CVE-2024-26308 and CVE-2024-25710. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress ...

8.1CVSS6.7AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2024/05/02 5:39 p.m.•34 views

Security Bulletin: IBM Spectrum Discover is vulnerable to security vulnerability in Pillow 9.5.0 (CVE-2023-50447)

Summary IBM has addressed a fix for vulnerabilities in IBM Spectrum Discover. Pillow is vulnerable to remote attackers to execute arbitrary code on the system, caused by improper neutralization of user supplied-input by the PIL.ImageMath.eval function. CVE-2023-50447. Vulnerability Details...

8.1CVSS9.3AI score0.01703EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35744