35155 matches found

IBM Security Bulletins
added 2024/02/27 4:21 p.m. | 22 views

Security Bulletin: Follow-redirects is vulnerable to CVE-2023-26159 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses follow-redirects which is vulnerable to CVE-2023-26159. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to...

CVSS 7.3 | AI score 6.6 | EPSS 0.00797
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/02/27 4:20 p.m. | 28 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...

CVSS 7.5 | AI score 7.3 | EPSS 0.01026
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/27 4:20 p.m. | 29 views

Security Bulletin: urllib3 is vulnerable to CVE-2023-45803 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses urllib3 which is vulnerable to CVE-2023-45803. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45803 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obta...

CVSS 4.2 | AI score 6.2 | EPSS 0.00544
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/27 4:19 p.m. | 29 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to CVE-2023-46158 and CVE-2023-44483 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2023-46158 and CVE-2023-44483. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM...

CVSS 9.8 | AI score 7.1 | EPSS 0.01212
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/27 4:18 p.m. | 56 views

Security Bulletin: Logback is vulnerable to CVE-2023-6481 and CVE-2023-6378 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses logback which is vulnerable to CVE-2023-6481 and CVE-2023-6378. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a deni...

CVSS 7.5 | AI score 7 | EPSS 0.009
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/27 4:17 p.m. | 37 views

Security Bulletin: Json-path is vulnerable to CVE-2023-51074 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses json-path which is vulnerable to CVE-2023-51074. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, caused by...

CVSS 5.3 | AI score 5.8 | EPSS 0.0067
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/02/27 4:16 p.m. | 40 views

Security Bulletin: Netty-codec-http2 is vulnerable to CVE-2023-44487 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http2 which is vulnerable to CVE-2023-44487. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of...

CVSS 7.5 | AI score 7.7 | EPSS 0.99999
Exploits: 19 | Affected Software: 1

IBM Security Bulletins
added 2024/02/27 4:15 p.m. | 51 views

Security Bulletin: PyArrow is vulnerable to CVE-2023-47248 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses PyArrow which is vulnerable to CVE-2023-47248. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: PyArrow could allow a remote authenticated attacker to...

CVSS 9.8 | AI score 9.5 | EPSS 0.18265
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/27 4:13 p.m. | 57 views

Security Bulletin: Axios is vulnerable to CVE-2023-45857 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Axios which is vulnerable to CVE-2023-45857. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: Axios is vulnerable to cross-site request forgery, caused by...

CVSS 6.5 | AI score 6.5 | EPSS 0.00556
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/02/27 3:2 p.m. | 25 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to MiniZip (CVE-2023-45853)

Summary MiniZip, in IBM App Connect Enterprise and IBM Integration Bus for z/OS is vulnerable to a denial of service. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip is vulnerable to a denial of service, caus...

CVSS 9.8 | AI score 9.5 | EPSS 0.02918
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2024/02/27 1:28 p.m. | 28 views

Security Bulletin: IBM Operational Decision Manager for February 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-46158...

CVSS 9.8 | AI score 8.5 | EPSS 0.00456
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/26 7:46 p.m. | 108 views

Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

Summary IBM Cognos Analytics is affected and considered vulnerable, based on current information, to vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Analytics. IBM Cognos Analytics has addressed the applicable CVEs by upgrading or removing the vulnerable libraries...

CVSS 7.5 | AI score 10 | EPSS 0.14957
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/02/26 5:8 p.m. | 49 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Monitoring.

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVEs: CVE-2023-22067, CVE-2023-22081, CVE-2023-33850, CVE-2023-5676, CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945 and...

CVSS 7.5 | AI score 7.8 | EPSS 0.01412
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/26 4:12 p.m. | 26 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in jQuery UI (CVE-2022-31160)

Summary A cross-site scripting vulnerability in jQuery UI used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio...

CVSS 6.1 | AI score 6.3 | EPSS 0.01895
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/02/26 3:39 p.m. | 21 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2023-50303)

Summary A cross-site scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-50303 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in t...

CVSS 6.1 | AI score 6 | EPSS 0.00394
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/26 2:24 p.m. | 10 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

AI score 6.8
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/26 9:27 a.m. | 40 views

Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.0.2 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.1.1...

CVSS 5.9 | AI score 5.8 | EPSS 0.01412
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2024/02/26 9:19 a.m. | 43 views

Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended upgrading to Version 50.2 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.1.1 of AppHost...

CVSS 3.7 | AI score 5.6 | EPSS 0.01316
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2024/02/23 8:37 p.m. | 48 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to an unspecified vulnerability and denial of service due to IBM Runtime Environment Java Technology Edition

Summary IBM Java is used by IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms in product configuration, management, and data transmission. IBM Sterling Connect:Direct for UNIX on AIX, Linux, and Solaris platforms is impacted by an unspecified vulnerability and denial of...

CVSS 5.9 | AI score 5.8 | EPSS 0.01412
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/23 6:37 p.m. | 15 views

Security Bulletin: IBM Cognos Transformer is affected by security vulnerabilities

Summary There are vulnerabilities in Apache Xalan, Apache Commons Codec, IBM® Java™ Version 8, and OpenSSL that are consumed by IBM Cognos Transformer. These have been addressed by upgrading or removing the vulnerable libraries. Please refer to the table in the Related Information section for...

CVSS 9.1 | AI score 9.8 | EPSS 0.77901
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2024/02/23 5:40 p.m. | 45 views

Security Bulletin: IBM Aspera Console 3.4.2 PL7 has addressed multiple vulnerabilities (CVE-2022-37436, CVE-2021-34798)

Summary This Security Bulletin addresses security vulnerabilities that have been remediated CVE-2022-37436, CVE-2021-34798 in IBM Aspera Console 3.4.2 PL7. Vulnerability Details CVEID:CVE-2022-37436 DESCRIPTION: Apache HTTP Server is vulnerable to HTTP response splitting attacks, caused by the us...

CVSS 7.5 | AI score 8.7 | EPSS 0.62771
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/23 5:15 p.m. | 48 views

Security Bulletin: OpenSSH for IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation. [CVE-2023-51385]

Summary OpenSSH used by IBM i is vulnerable to an attacker executing arbitrary commands due to improper validation as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes section below...

CVSS 6.5 | AI score 7.5 | EPSS 0.19753
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2024/02/23 4:53 p.m. | 43 views

Security Bulletin: AIX is vulnerable to arbitrary command execution due to Perl (CVE-2024-25021, CVE-2023-47038, CVE-2023-47100)

Summary Vulnerabilities in AIX's Perl could allow an attacker to execute arbitrary commands CVE-2024-25021, CVE-2023-47038, CVE-2023-47100 AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2024-25021 DESCRIPTION: IBM AIX's Perl implementation could allow a...

CVSS 8.4 | AI score 8.5 | EPSS 0.00832
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/23 3:26 a.m. | 28 views

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface has multiple vulnerabilities due to IBM Java

Summary Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...

CVSS 5.9 | AI score 5.7 | EPSS 0.01412
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/23 3:24 a.m. | 26 views

Security Bulletin: IBM Sterling Connect:Direct Browser User Interface has multiple vulnerabilities due to IBM Java

Summary Sterling Connect:Direct Browser User Interface uses IBM® Runtime Environment Java™ Versions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM compone...

CVSS 3.7 | AI score 5.6 | EPSS 0.01316
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 6:13 p.m. | 51 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. IBM Planning Analytics Workspace 2.0 Release 93 has addressed the applicable CVEs by upgrading or removing the vulnerable libraries. Please refer to the table in the...

CVSS 9.3 | AI score 9.5 | EPSS 0.99999
Exploits: 22 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 5:49 p.m. | 25 views

Security Bulletin: IBM Aspera Console 3.4.2 PL7 has addressed a SQL injection vulnerability (CVE-2022-43842)

Summary IBM Aspera Console is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. Vulnerability Details CVEID:CVE-2022-43842 DESCRIPTION: IBM Aspera Console ...

CVSS 9.1 | AI score 8.8 | EPSS 0.00533
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 4:55 p.m. | 33 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2023...

CVSS 5.9 | AI score 6.1 | EPSS 0.01412
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 4:27 p.m. | 25 views

Security Bulletin: Due to use of Apache Struts, IBM Sterling File Gateway is affected by denial of service vulnerabilities (CVE-2023-34149, CVE-2023-34396)

Summary IBM Sterling File Gateway uses Apache Struts. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not...

CVSS 7.5 | AI score 5.8 | EPSS 0.05467
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 4:26 p.m. | 18 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to information disclosure due to OWASP ESAPI (CVE-2010-3300)

Summary IBM Sterling B2B Integrator uses OWASP ESAPI. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2010-3300 DESCRIPTION: OWASP ESAPI for Java could allow a remote attacker to obtain sensitive information, caused by a padding oracle...

CVSS 5.9 | AI score 5.6 | EPSS 0.0045
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 4:24 p.m. | 32 views

Security Bulletin: IBM Sterling B2B Integrator affected by vulnerabilities due to Eclipse Jetty (CVE-2023-26048, CVE-2023-26049)

Summary IBM Sterling B2B Integrator uses Eclipse Jetty. Vulnerability Details CVEID:CVE-2023-26048 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an out of memory flaw in the HttpServletRequest.getParameter or HttpServletRequest.getParts function. By sending a speciall...

CVSS 5.3 | AI score 5.8 | EPSS 0.0326
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 4:23 p.m. | 38 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service (CVE-2023-32341)

Summary IBM Sterling B2B Integrator has addressed a denial of service security vulnerability. Vulnerability Details CVEID:CVE-2023-32341 DESCRIPTION: IBM Sterling B2B Integrator could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. CVSS Base scor...

CVSS 6.5 | AI score 6.4 | EPSS 0.00607
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 4:22 p.m. | 29 views

Security Bulletin: IBM Sterling B2B Integrator affected by multiple vulnerabilities due to snappy-java

Summary IBM Sterling B2B Integrator uses snappy-java. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-34455 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by the use of an unchecked chunk length in the...

CVSS 7.5 | AI score 6.8 | EPSS 0.01762
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 4:19 p.m. | 22 views

Security Bulletin: IBM Sterling B2B Integrator missing security attribute in cookie (CVE-2023-42016)

Summary IBM Sterling B2B Integrator has addressed a cookie security vulnerability. Vulnerability Details CVEID:CVE-2023-42016 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the...

CVSS 4.3 | AI score 4.1 | EPSS 0.00272
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 1:4 p.m. | 41 views

Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty

Summary Due to the use of Eclipse Jetty, Rational Service Tester contains a vulnerability around authentication validation that could allow bypassing access restrictions CVE-2023-41900 and a vulnerability around command quoting that could allow further attacks on the system CVE-2023-36479...

CVSS 4.3 | AI score 5.2 | EPSS 0.01006
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/02/22 9:37 a.m. | 38 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-34623

Summary IBM Business Automation Workflow repackages parts of IBM Content Navigator attack. CVE-2023-34623 has been addressed. Vulnerability Details CVEID:CVE-2023-34623 DESCRIPTION: jtidy is vulnerable to a denial of service, caused by an out-of-bounds write error. By using a specially crafted...

CVSS 7.5 | AI score 7.5 | EPSS 0.00866
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/02/21 5:16 p.m. | 37 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2024-21626)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability found in the runc component shipped with containerd where an attacker could gain unauthorized access to the host filesystem CVE-2024-21626. Vulnerability Details CVEID: CVE-2024-21626 Description: Open Container Initiati...

CVSS 8.6 | AI score 8.9 | EPSS 0.16775
Exploits: 18 | Affected Software: 1

IBM Security Bulletins
added 2024/02/21 3:50 p.m. | 28 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a local authenticated attacker due to Eclipse IDE (CVE-2023-4218)

Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to a local authenticated attacker due to Eclipse IDE. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE coul...

CVSS 5 | AI score 5 | EPSS 0.00386
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2024/02/21 2:52 p.m. | 29 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU is vulnerable to CVE-2023-33850

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2024 Critical Patch Update, plus CVE-2023-33850. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack: Jazz Foundation, IBM Jazz Reporting Service, IBM...

CVSS 7.5 | AI score 7.3 | EPSS 0.00855
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/21 1:17 p.m. | 35 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty.

Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains a vulnerability around authentication validation that could allow bypassing access restrictions, and a vulnerability around command quoting that could allow further attacks on the system. Vulnerability Details...

CVSS 4.3 | AI score 5.2 | EPSS 0.01006
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2024/02/21 1:11 p.m. | 43 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty.

Summary Due to the use of Eclipse Jetty, Rational Performance Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an...

CVSS 7.5 | AI score 8.2 | EPSS 0.99999
Exploits: 20 | Affected Software: 1

IBM Security Bulletins
added 2024/02/21 12:53 p.m. | 40 views

Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty.

Summary Due to the use of Eclipse Jetty, Rational Service Tester contains vulnerabilities around request processing that could lead to a potential denial of service attack. Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an...

CVSS 7.5 | AI score 8.2 | EPSS 0.99999
Exploits: 20 | Affected Software: 1

IBM Security Bulletins
added 2024/02/21 12:39 p.m. | 44 views

Security Bulletin: Multiple Oracle Outside In Technology vulnerabilities in IBM Engineering Requirements Management DOORS Next

Summary Multiple security vulnerabilities in Oracle Outside In Technology affect IBM Engineering Requirements Management DOORS Next. Vulnerability Details CVEID:CVE-2021-35573 DESCRIPTION: An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component cou...

CVSS 7.5 | AI score 7.9 | EPSS 0.0198
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/21 9:52 a.m. | 9 views

Security Bulletin: Due to the use of Apache Commons Codec, IBM CICS Transaction Gateway for Multiplatforms is vulnerable to an information exposure.

Summary There is a vulnerability in Apache Commons Codec library which is shipped as part of IBM CICS Transaction Gateway for Multiplatforms. An update to IBM CICS Transaction Gateway for Multiplatforms has been released to address the vulnerability. Vulnerability Details IBM X-Force ID: 177835...

AI score 6.5
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/21 9:37 a.m. | 40 views

Security Bulletin: Due to the use of jackson-databind, IBM CICS Transaction Gateway for Multiplatforms is vulnerable to a denial of service (CVE-2023-35116).

Summary There is a vulnerability in jackson-databind which is shipped as part of IBM CICS Transaction Gateway for Multiplatforms. An update to IBM CICS Transaction Gateway for Multiplatforms has been released to address the vulnerability. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION:...

CVSS 4.7 | AI score 5.8 | EPSS 0.00352
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/21 9:27 a.m. | 16 views

Security Bulletin: Due to the use of IBM WebSphere Liberty, IBM CICS Transaction Gateway Desktop Edition and for Multiplatforms are vulnerable to weaker than expected security due to improper resource expiration handling (CVE-2023-46158).

Summary There is a vulnerability in IBM WebSphere Liberty, which is shipped as part of both IBM CICS Transaction Gateway Desktop Edition and IBM CICS Transaction Gateway for Multiplatforms. Updates to IBM CICS Transaction Gateway Desktop Edition and IBM CICS Transaction Gateway for Multiplatforms...

CVSS 9.8 | AI score 6.9 | EPSS 0.00456
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/20 8:29 p.m. | 35 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2024 - Includes Oracle January 2024 CPU plus CVE-2023-33850

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

CVSS 7.5 | AI score 7.7 | EPSS 0.00855
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/20 7:43 p.m. | 18 views

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to Python-requests Proxy-Authorization header leak (CVE-2023-32681)

Summary Python-requests is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator for Scheduler installation. This vulnerability is addressed Vulnerability Details CVEID:CVE-2023-32681 DESCRIPTION: python-requests could allow a remote attacker to obtain sensitive information,...

CVSS 6.1 | AI score 6.3 | EPSS 0.02782
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/02/20 7:40 p.m. | 32 views

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator vulnerabilities

Summary Ansible-operator is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities. Vulnerability Details CVEID:CVE-2023-24539 DESCRIPTION: Go is vulnerable t...

CVSS 9.8 | AI score 8.8 | EPSS 0.0156
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2024/02/20 7:38 p.m. | 79 views

Security Bulletin: A Python Vulnerability Affects IBM Cloud Pak for Data Scheduling (CVE-2023-27043)

Summary Python is used by IBM Cloud Pak for Data Scheduling, to install the Scheduler for IBM Cloud Pak for Data. A reported parsing flaw in Python is addressed. Vulnerability Details CVEID:CVE-2023-27043 DESCRIPTION: Python could allow a remote attacker to bypass security restrictions, caused by...

CVSS 5.3 | AI score 5.7 | EPSS 0.02507
Exploits: 1 | Affected Software: 1

Total number of security vulnerabilities: 35155