Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
IbmRecent
RecentMost viewed

34926 matches found

IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/05 11:20 a.m.7 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary IBM Event Processing was affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details CVEID:CVE-2025-57752 DESCRIPTION: Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0....

7.5CVSS5.2AI score0.00687EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/05 11:16 a.m.3 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms

Summary Multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in October 2025 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...

7.5CVSS6.3AI score0.00068EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/05 11:13 a.m.6 views

Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.

Summary IBM Event Endpoint Management is affected by multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions...

7.5CVSS4.5AI score0.00126EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/05 11:11 a.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2025-53066, CVE-2025-53057)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to...

7.5CVSS6.4AI score0.00068EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/05 9:37 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124. This bulletin contains information regarding the vulnerability and its fixture. Vulnerabilit...

7.5CVSS6.5AI score0.00876EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/05 9:36 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of...

6.3CVSS6.6AI score0.00092EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/05 7:9 a.m.7 views

Security Bulletin: IBM Maximo Application Suite uses java 17.0.13,github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm,CVE-2025-21502 and CVE-2025-54410

Summary IBM Maximo Application Suite uses java 17.0.13,github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm,CVE-2025-21502 and CVE-2025-54410. This bulletin contains information regarding the vulnerability and its fixture...

5.2CVSS5.4AI score0.002EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/05 6:15 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2025-1550.

Summary IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2025-1550. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-1550 DESCRIPTION: The Keras Model.loadmodel function permits...

9.8CVSS7.4AI score0.07973EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/05 4:48 a.m.5 views

Security Bulletin: IBM® IBM Common Licensing using WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)

Summary Vulnerability in javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 features affects IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.11 with specific features enabled. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, and addressed in this...

7.5CVSS6.7AI score0.00054EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/05 12:41 a.m.14 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2024-12243 DESCRIPTION: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1,...

7.8CVSS6.1AI score0.01227EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/03 6:58 p.m.5 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with WebSphere Remote Server, are affected by cross-site scripting (CVE-2025-12635)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...

5.4CVSS5.6AI score0.00019EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/02 6:17 p.m.11 views

Security Bulletin: Rational Performance Tester contains a vulnerability which could lead to potential remote code execution

Summary Due to the use of the Apache Xalan Java XLST library, Rational Performance Tester contains a vulnerability that could lead to potential remote code execution. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execut...

7.5CVSS8.1AI score0.10953EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/02 6:15 p.m.7 views

Security Bulletin: Rational Performance Tester contains a vulnerability that could result in unauthorized data access

Summary Rational Performance Tester use of the Java AsyncHttpClient library can result in unauthorized data access. Vulnerability Details CVEID:CVE-2024-53990 DESCRIPTION: The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP...

9.2CVSS6.5AI score0.00441EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/02 6:10 p.m.5 views

Security Bulletin: Rational Performance Tester contains a vulnerability which could affect its use of the JavaScript HTTP client Axios

Summary Due to the use of the JavaScript HTTP client Axios, Rational Performance Tester contains a vulnerability which can result in a potential dential of service attack. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Whe...

7.5CVSS6.7AI score0.00257EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/02 6:5 p.m.8 views

Security Bulletin: Due to use of Bouncy Castle Rational Performance Tester is affected by multiple vulnerabilities

Summary Due to the use of Bouncy Castle, Rational Performance Tester contains vulnerabilities which could result a potential denial of service or sensitive information disclosure. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: An issue was discovered in ECCurve.java and ECCurve.cs in...

7.5CVSS6.7AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/02 6:1 p.m.9 views

Security Bulletin: Due to the use of eclipse Jetty Rational Performance Tester is vulnerable to a denial of service

Summary Due to the use of Eclipse Jetty, Rational Performance Tester cotnains vulnerabilities around request processing CVE-2025-5115 Vulnerability Details CVEID:CVE-2025-5115 DESCRIPTION: In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigg...

7.7CVSS6.8AI score0.00573EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/02 5:56 p.m.7 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could result in a potential denial of service

Summary Due to the use of the Jackson Data Processor, Rational Performance Tester contains vulnerabilities could result in a potentail denial of service attack. CVE-2025-52999, CVE-2022-0468 Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental...

8.8CVSS6.9AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/02 5:43 p.m.6 views

Security Bulletin: Rational Performance Tester contains a vulnerability related to use of the Netty framework

Summary Due to the use of Netty, Rational Performance Tester contains a vulnerability which could result in an Out of Memory OOM condition. CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid...

7.5CVSS6.5AI score0.00063EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/02 5:37 p.m.7 views

Security Bulletin: Rational Performance Tester contains vulnerabilities related to the Netty framework

Summary Due to the use of Netty, Rational Performance Tester contains vulnerabilities that could allow HTTP request smuggling or a denial of service attack. CVE-2025-58056, CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network...

7.5CVSS6.6AI score0.00097EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/01 9:46 a.m.11 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-12635)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

5.4CVSS5.6AI score0.00019EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletinsadded 2026/01/01 9:45 a.m.5 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-7962)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5CVSS6.7AI score0.00054EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/31 3:31 p.m.5 views

Security Bulletin: IBM Event Streams is vulnerable to Uncontrolled Recursion vulnerability (CVE-2025-48924)

Summary IBM Event Streams is vulnerable to Uncontrolled Recursion vulnerability due to the use of the Apache Commons Lang artifact. This artifact primarily used for utility functions such as string manipulation, object comparison, and handling common operations that simplify Java development...

5.3CVSS6.6AI score0.00099EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/31 3:23 p.m.5 views

Security Bulletin: IBM Event Streams is vulnerable to Weak Encryption (CVE-2025-45767)

Summary IBM Event Streams is vulnerable to weak encryption due to the JOSE library. JOSE is used for JSON Object Signing and Encryption in token-based authentication. Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is...

7CVSS7AI score0.00136EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 5:57 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to HTTP Request/Response Smuggling in Grafana (CVE-2025-22871)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Golang via Grafana. CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line...

9.1CVSS6.6AI score0.00294EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 5:57 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information Through Data Queries in Golang Go (CVE-2023-45288)

Summary Golang Go is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2023-45288 Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION...

7.5CVSS6.5AI score0.64852EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 5:56 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-site Scripting in npm-serialize-javascript (CVE-2024-11831)

Summary npm-serialize-javascript is used by IBM Storage Ceph in assorted components. CVE-2024-11831 Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize...

5.4CVSS5.9AI score0.01129EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 5:56 p.m.7 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Verification of Data Authenticity in RGW (CVE-2024-48916)

Summary Ceph Rados Gateway RadosGW OIDC provider is used by IBM Storage Ceph in RGW. CVE-2024-48916 This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details CVEID:CVE-2024-48916 DESCRIPTION: Ceph is a distributed object, block, and file storage...

8.1CVSS6.6AI score0.00043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 5:54 p.m.10 views

Security Bulletin: IBM Storage Ceph is vulnerable to Time-of-check Time-of-use in python-waitress (CVE-2024-49768)

Summary python-waitress is used by IBM Storage Ceph. CVE-2024-49768 Vulnerability Details CVEID:CVE-2024-49768 DESCRIPTION: Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a...

9.1CVSS6.6AI score0.00572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 5:53 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Exposure of Sensitive Information to an Unauthorized Actor in Grafana (CVE-2025-22866)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2025-22866 Vulnerability Details CVEID:CVE-2025-22866 DESCRIPTION: Due to the usage of a variable time instruction in the assembly...

4CVSS6.5AI score0.00022EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 4:26 p.m.7 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to PostgreSQL

Summary IBM Sterling Connect:Direct for Microsoft Windows has addressed multiple vulnerabilities within PostgreSQL CVE-2025-12818 and CVE-2025-12817 Vulnerability Details CVEID:CVE-2025-12818 DESCRIPTION: Integer wraparound in multiple PostgreSQL libpq client library functions allows an applicati...

5.9CVSS6.7AI score0.00061EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 3:47 p.m.4 views

Security Bulletin: IBM i is affected by exposure of sensitive information and improper access control vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2025-53066, CVE-2025-53057]

Summary IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to unauthorized access to data by using APIs in the JAXP component CVE-2025-53066 and creation, deletion or modification access to data by...

7.5CVSS6.2AI score0.00068EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 1:32 p.m.8 views

Security Bulletin: Multiple Vulnerabilities in IBM Operator for Apache Flink

Summary Multiple vulnerabilities were addressed in IBM Operator for Apache Flink version 1.4.5 Vulnerability Details CVEID:CVE-2021-39194 DESCRIPTION: kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide...

8.8CVSS6.5AI score0.94055EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 1:30 p.m.8 views

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high...

7.5CVSS6.5AI score0.00068EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/30 12:59 p.m.13 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary Multiple vulnerabilities were addressed in IBM Event Processing version 1.4.5 Vulnerability Details CVEID:CVE-2025-30218 DESCRIPTION: Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which...

8.2CVSS6.3AI score0.00234EPSS
Exploits56Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 1:50 p.m.5 views

Security Bulletin: IBM Edge Data Collector uses runtime-7.25.9.tgz, runtime-7.26.0.tgz, runtime-7.26.9.tgz which is vulnerable to CVE-2025-27789.

Summary IBM Edge Data Collector uses runtime-7.25.9.tgz, runtime-7.26.0.tgz, runtime-7.26.9.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next...

6.2CVSS6.2AI score0.0006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 1:49 p.m.5 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459.

Summary IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-55459 DESCRIPTION: An issue in keras 3.7.0 allows attackers to...

6.5CVSS7.4AI score0.00149EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 1:47 p.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6638 and CVE-2025-3777.

Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6638 and CVE-2025-3777. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-6638 DESCRIPTION: A Regular Expression...

7.5CVSS4.8AI score0.00055EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 1:46 p.m.4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339.

Summary IBM Maximo Application Suite - Monitor Component uses on-headers-1.0.2.tgz which is vulnerable to CVE-2025-7339. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when...

3.4CVSS6.1AI score0.00036EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 1:44 p.m.6 views

Security Bulletin: IBM Edge Data Collector uses webpack-dev-server - 4.15.2 which is vulnerable to CVE-2025-30360.

Summary IBM Edge Data Collector uses webpack-dev-server - 4.15.2 which is vulnerable to CVE-2025-30360. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-30360 DESCRIPTION: webpack-dev-server allows users to use webpack with a development server...

6.5CVSS7.3AI score0.00039EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 12:53 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could allow a remote attacker to bypass security restrictions and vulnerable to CVE-2024-56339.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could allow a remote attacker to bypass security restrictions and vulnerable to CVE-2024-56339. This bulletin contains information addressing the vulnerability. Vulnerability Details...

7.5CVSS5.9AI score0.00132EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 12:33 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses scikit_learn-1.3.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-5206.

Summary IBM Maximo Application Suite - Monitor Component uses scikitlearn-1.3.0-cp39-cp39-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2024-5206. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-5206 DESCRIPTION: A...

4.7CVSS4.6AI score0.00037EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 11:25 a.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.19 LTS and 12.19.0 address the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.5CVSS7.3AI score0.037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 7:38 a.m.6 views

Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

7.5CVSS5.5AI score0.00063EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 7:37 a.m.4 views

Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

7.5CVSS6.2AI score0.00097EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 7:37 a.m.6 views

Security Bulletin: Vulnerability in SSH servers which implement file transfer protocols affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in SSH servers which implement file transfer protocols has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to...

7.5CVSS6.2AI score0.00591EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 7:36 a.m.4 views

Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

5.5CVSS6.6AI score0.00096EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 7:36 a.m.9 views

Security Bulletin: Vulnerability in validator.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in validator.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

6.1CVSS5.5AI score0.00054EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 7:28 a.m.4 views

Security Bulletin: Vulnerability in pip affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in pip has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

5.9CVSS8AI score0.00022EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 7:28 a.m.4 views

Security Bulletin: Vulnerability in markdown-it affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in markdown-it has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

6.9CVSS5.1AI score0.00059EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/12/29 7:28 a.m.5 views

Security Bulletin: Vulnerability in DeepDiff affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in DeepDiff has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

10CVSS8.7AI score0.00267EPSS
Exploits0Affected Software1
Total number of security vulnerabilities34926