Lucene search
K

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:53 p.m.8 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 8.0.9 Vulnerability Details CVEID:CVE-2017-9096 DESCRIPTION: The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do...

9.8CVSS7.5AI score0.37246EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:34 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/tls [CVE-2025-68121]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Certificate Validation in crypto/tls, due to false validation between the initial handshake and the resumed handshake when the Config has its ClientCAs or RootCAs fields mutated CVE-2025-68121. Crypto/tls is used in our speech...

10CVSS6.7AI score0.00765EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:32 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in the Base OS image package: Scrapy [CVE-2025-6176]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in the Base OS image package: Scrapy, due to a flaw in its brotli decompression implementation. CVE-2025-6176. We have updated the base image used by our Speech Services and the following vulnerability has been...

7.5CVSS6.9AI score0.00509EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:27 p.m.14 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...

10CVSS7AI score0.00765EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:22 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in Apache Tomcat [CVE-2026-24734]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in Apache Tomcat, due to a failure to complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed CVE-2026-24734. Apache Tomcat is used in our speech...

7.5CVSS5.7AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:21 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial-of-Service in pyasn1 [CVE-2026-23490]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial-of-Service in pyasn1, caused by memory exhaustion from malformed RELATIVE-OID with excessive continuation octets CVE-2026-23490. Pyasn1 is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please rea...

7.5CVSS6.8AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:19 p.m.12 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to code injection in NLTK [CVE-2025-14009]

Summary IBM Watson Speech Services Cartridge is vulnerable to code injection in NLTK, due to an issue in in the NLTK downloader component of nltk/nltk that causes the unzipiter function in nltk/downloader.py to fail to perform path validation or security checks CVE-2025-14009. NLTK is used in our...

10CVSS7.7AI score0.0079EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:18 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in NLTK [CVE-2026-0848]

Summary IBM Watson Speech Services Cartridge is vulnerable arbitrary code execution in NLTK, due to improper input validation in the StanfordSegmenter module CVE-2026-0848. NLTK is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation...

10CVSS8AI score0.00777EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:13 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal in NLTK [CVE-2026-0847]

Summary IBM Watson Speech Services Cartridge is vulnerable to Path Traversal in NLTK, due to an issue which allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. CVE-2026-0847 NLTK is used ...

8.6CVSS7.8AI score0.00924EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:11 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Name Handling in Werkzeug [CVE-2026-27199]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Name Handling in Werkzeug, due to a safejoin function, that allows Windows device names as filenames if preceded by other path segments, which can cause file reading to hang indefinately CVE-2026-27199. Werkzeug is used in our...

6.3CVSS6.4AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:9 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git [CVE-2026-25934]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Validation of Integrity Check Value in go-git, due to an issue where data integrity values for .pack and .idx files were not properly verified CVE-2026-25934. GO-git is used as a component of our ibm-watson-speech-catalog...

4.3CVSS7AI score0.00136EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:9 p.m.7 views

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to cross-site scripting due to IBM WebSphere Application Server Liberty (CVE-2025-12635)

Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...

5.4CVSS5.6AI score0.00139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:8 p.m.3 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in setuptools [CVE-2025-47273]

Summary M Watson Speech Services Cartridge is vulnerable to a path traversal in setuptools, due to an issue that allows users to download, build, install, upgrade, and uninstall Python packages CVE-2025-47273. Setuptools is used in our speech service runtimes. This vulnerabilitiy has been...

8.8CVSS7.4AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:6 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Write in Python Pillow [CVE-2026-25990]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Out-of-bounds Write in Python Pillow, due to an issue that allows this condition to be triggered through the loading of a specially crafted PSD image CVE-2026-25990. Python Pillow is used in our speech service runtimes. This...

8.6CVSS5.9AI score0.00367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:3 p.m.2 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal in ONNX [CVE-2025-51480]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal, due to an issue with onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 that allows attackers to bypass intended directory restrictions. CVE-2025-51480. Onnx is used in our speech service runtimes. This...

8.8CVSS7.3AI score0.00578EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:1 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Insufficient Verification of Data Authenticity in cryptography [CVE-2026-26007]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Insufficient Verification of Data Authenticity in cryptography, due to a condition where the publickeyfromnumbers or EllipticCurvePublicNumbers.publickey, EllipticCurvePublicNumbers.publickey, loadderpublickey and loadpempublickey...

8.2CVSS6.4AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 2:59 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in google.protobuf [CVE-2026-0994]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in google.protobuf, due to an issue that allows maxrecursiondepth limit to be bypassed when parsing nested google.protobuf.Any messages. CVE-2026-0994. Google.protobuf is used in our speech service runtimes. This...

8.2CVSS6.6AI score0.00613EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 2:57 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock [CVE-2026-22701]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock, due to a TOCTOU race condition vulnerability that exists in the SoftFileLock implementation of the filelock package CVE-2026-22701. Filelock is used in our speech service...

5.3CVSS5.7AI score0.00115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 2:56 p.m.2 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock [CVE-2025-68146]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Link Resolution Before File Access in filelock, caused by a Time-of-Check-Time-of-Use TOCTOU race condition that allows local attackers to corrupt or truncate arbitrary user files through symlink attacks CVE-2025-68146...

6.5CVSS7.3AI score0.00184EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 2:34 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an early termination condition in golang.org/x/crypto [CVE-2025-47913]

Summary IBM Watson Speech Services Cartridge is vulnerable to an early termination condition in golang.org/x/crypto, due to an issue with SSH clients CVE-2025-47913. golang.org/x/crypto is used in our Speech Operators. This vulnerabilitiy has been addressed. Please read the details for remediatio...

7.5CVSS6.6AI score0.00591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:40 a.m.6 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access (CVE-2026-5926)

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2026-5926 DESCRIPTION: IBM Security Verify Access uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly...

6.5CVSS5.8AI score0.00181EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 10:36 p.m.10 views

Security Bulletin: IBM i is Affected by Security Control Bypass and Uncontrolled Resource Consumption Vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2026-21925, CVE-2026-21933, CVE-2026-21932, CVE-2026-21945]

Summary IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to denial-of-service CVE-2026-21945 and bypassing security controls to read and change data CVE-2026-21932, CVE-2026-21933, CVE-2026-21925...

7.5CVSS6.4AI score0.00864EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 9:49 p.m.3 views

Security Bulletin: vulerability in IBM Spectrum Symphony with spring framework

Summary vulerability in IBM Spectrum Symphony with spring framework Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...

5.3CVSS5.8AI score0.05666EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 9:48 p.m.4 views

Security Bulletin: vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty

Summary vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass...

7.5CVSS5.9AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 9:46 p.m.4 views

Security Bulletin: Vulerability in IBM Spectrum Symphony with OpenSSL

Summary Vulerability in IBM Spectrum Symphony with OpenSSL Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDS...

4.1CVSS5.8AI score0.00601EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 8:55 p.m.3 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pyasn1-0.6.1.tar.gz

Summary IBM Watson Discovery Cartridge affected by vulnerability in pyasn1-0.6.1.tar.gz Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed...

7.5CVSS5.7AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 6:45 p.m.6 views

Security Bulletin: IBM Planning Analytics Cartridge has addressed a security vulnerability in Docker CLI (CVE-2025-15558)

Summary IBM Planning Analytics Cartridge is considered affected by a vulnerability in Docker CLI Vulnerability Details CVEID:CVE-2025-15558 DESCRIPTION: Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A...

8CVSS5.8AI score0.00472EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 6:2 p.m.9 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union...

7.5CVSS7.5AI score0.00844EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 3:46 p.m.4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in filelock-3.12.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in filelock-3.12.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the...

5.3CVSS5.8AI score0.00115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 3:39 p.m.6 views

Security Bulletin: Remediation of Hibernate Vulnerability in IBM Library Support for Hibernate

Summary Hibernate Vulnerability has been addressed in IBM Library Support for Hibernate Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially...

8.3CVSS5.6AI score0.00782EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 2:11 p.m.2 views

Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the cryptography package (CVE-2026-34073)

Summary The cryptography package is used by the z/TPF system as part of runtime metrics collection RTMC. Vulnerability Details CVEID:CVE-2026-34073 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS nam...

6.3CVSS5.7AI score0.00154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 1:50 p.m.5 views

Security Bulletin: Due to the use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition is affected by vulnerability (CVE-2025-13333).

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is affected by vulnerability CVE-2025-13333. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- I...

4.9CVSS5.7AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 1:7 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in tar-6.2.1.tgz Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path...

8.8CVSS5.8AI score0.00233EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 11:58 a.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high...

7.5CVSS5.8AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 10:6 a.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service (CVE-2026-34043)

Summary Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

7.5CVSS5.7AI score0.00472EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/13 10:5 a.m.5 views

Security Bulletin: Due to the use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition is affected by vulnerability (CVE-2024-29371)

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is affected by a denial of service due to jose4j CVE-2024-29371. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...

7.5CVSS7.2AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 11:20 p.m.9 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the...

8.8CVSS6.8AI score0.62368EPSS
Exploits3Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 8:0 p.m.10 views

Security Bulletin: IBM webMethods API Management fails to validate user input and enables unauthorized arbitrary file read (CVE-2026-2606)

Summary IBM webMethods API Management on-prem fails to properly validate user-supplied input passed to the url parameter on the /createapi endpoint. An attacker can modify this parameter to use a file:// URI schema instead of the expected https:// schema, enabling unauthorized arbitrary file read...

6.5CVSS5.7AI score0.00302EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 5:45 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.3.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.3.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-66019 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which...

8.7CVSS6.9AI score0.00313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:43 p.m.2 views

Security Bulletin: Vulnerabilities in Jetty, Eclipse Jetty,Spring Cloud Netflix Zuul,Spring Framework,Spring Security,NPM package,glob-parent package,jQuery,Braces, go-redis,qs,LZ4,js-yaml might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jetty, Eclipse Jetty, Spring Cloud Netflix Zuul , Spring Framework, Spring Security, NPM package, glob-parent package, jQuery, Braces, go-redis, qs, LZ4 and js-yaml. Vulnerabilities include , bypassing the...

8.1CVSS7.3AI score0.7848EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:43 p.m.8 views

Security Bulletin: Vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in hoek, Bouncy Castle Inc, Spring Framework, golang, Apache Commons, semver and Google Guava. Vulnerabilities include allowing a malicious user to modify the prototype of "Object" via proto, causing the addition...

8.8CVSS7.2AI score0.35681EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:41 p.m.8 views

Security Bulletin: Vulnerabilities in Jetty, Eclipse Jetty, minimatch, url-regex, jsdiff, golang, qs and Apache Tomcat might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jetty, Eclipse Jetty, minimatch, url-regex, jsdiff, golang, qs and Apache Tomcat. Vulnerabilities include the flaw in Eclipse Jetty could be used to bypass the authorization imposed by the intermediary as the...

9.8CVSS7AI score0.20985EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:40 p.m.5 views

Security Bulletin: Vulnerabilities in Apache Tomcat and hoek might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and hoek. Vulnerabilities include Relative Path Traversal vulnerability in Apache Tomcat, Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat, Improper...

9.6CVSS7.1AI score0.66535EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:36 p.m.6 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

5.5CVSS5.8AI score0.00216EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:21 p.m.4 views

Security Bulletin: Vulnerabilities in urllib3, router, qs, cryptography, axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in urllib3, router, qs, cryptography, and axios. Vulnerabilities include allowing an attacker to cause cross-site scripting, input improper data, provide a public key point from a small order subgroup, an...

8.9CVSS7.2AI score0.02667EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:21 p.m.7 views

Security Bulletin: Vulnerabilities in lodash, qs might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in lodash, qs, and react-router. Vulnerabilities include allowing an attacker to cause improper modification of object attributes, open redirect, and denial of service. More details are described by the...

8.2CVSS6.4AI score0.01535EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:17 p.m.5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow server core

Summary Due to use of Undertow, DevOps Test Performance and Rational Performance Tester contain a potential improper input validation vulnerability. CVE-2025-12543 Vulnerability Details CVEID:CVE-2025-12543 DESCRIPTION: A flaw was found in the Undertow HTTP server core, which is used in WildFly,...

9.6CVSS7.3AI score0.01179EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 2:14 p.m.7 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server component

Summary Due to use of the Undertow web server component, DevOps Test Performance and Rational Performance Tester contain a potential vulnerability that can cause a denial of service DoS. CVE-2024-3884 Vulnerability Details CVEID:CVE-2024-3884 DESCRIPTION: A flaw was found in Undertow that can cau...

7.5CVSS5.8AI score0.01256EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 1:46 p.m.8 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Hibernate library

Summary Due to use of the Hibernate library, DevOps Test Performance and Rational Performance Tester contain a potential SQL injection vulnerability. CVE-2026-0603 Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could...

8.3CVSS6AI score0.00782EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 1:41 p.m.3 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of React Router

Summary Due to use of React Router, DevOps Test Performance and Rational Performance Tester contain a potential Cross-Site Scripting XSS vulnerability. CVE-2026-22029 Vulnerability Details CVEID:CVE-2026-22029 DESCRIPTION: React Router is a router for React. In @remix-run/router version prior to...

8CVSS6.2AI score0.0077EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35596