
34926 matches found

IBM Security Bulletins
added 2025/12/16 10:38 a.m. | 5 views

Security Bulletin: Vulnerability in Perl affects IBM Netezza Appliance

Summary: The Perl package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2020-10543, CVE-2020-10878, CVE-2020-12723, CVE-2025-40909 Vulnerability Details: CVEID: CVE-2020-10543 DESCRIPTION: Perl before 5.30.3 on 32-bit platforms allows a heap-based buff...

8.6 CVSS | 7 AI score | 0.04289 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 10:28 a.m. | 7 views

Security Bulletin: Vulnerability in Java SE affects IBM Netezza Appliance

Summary: The Java SE package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235 Vulnerability Details: CVEID: CVE-2024-21208 DESCRIPTION: Vulnerability in Java SE component: Networking. Difficult t...

4.8 CVSS | 5.1 AI score | 0.00171 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 10:20 a.m. | 4 views

Security Bulletin: Vulnerability in Requests affects IBM Netezza Appliance

Summary: The Requests package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2024-47081 Vulnerability Details: CVEID: CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc...

5.3 CVSS | 6.5 AI score | 0.00208 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 10:12 a.m. | 3 views

Security Bulletin: Vulnerability in Requests affects IBM Netezza Appliance

Summary: The Requests package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2024-35195 Vulnerability Details: CVEID: CVE-2024-35195 DESCRIPTION: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first...

5.6 CVSS | 6.3 AI score | 0.00046 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 10:5 a.m. | 3 views

Security Bulletin: Vulnerability in linux-pam affects IBM Netezza Appliance

Summary: The linux-pam package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-8941 Vulnerability Details: CVEID: CVE-2025-8941 DESCRIPTION: A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing...

7.8 CVSS | 5.7 AI score | 0.00022 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 9:53 a.m. | 3 views

Security Bulletin: Vulnerability in gnuTLS affects IBM Netezza Appliance

Summary: The gnuTLS package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-32988, CVE-2025-32990, CVE-2025-6395 Vulnerability Details: CVEID: CVE-2025-32988 DESCRIPTION: A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due t...

8.2 CVSS | 6.3 AI score | 0.00292 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 9:42 a.m. | 5 views

Security Bulletin: Vulnerability in HTTP::Tiny affects IBM Netezza Appliance

Summary: The HTTP::Tiny package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2023-31486 Vulnerability Details: CVEID: CVE-2023-31486 DESCRIPTION: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecur...

8.1 CVSS | 6.4 AI score | 0.00767 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 9:38 a.m. | 2 views

Security Bulletin: Vulnerability in requests affects IBM Netezza Appliance

Summary: The requests package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2023-32681 Vulnerability Details: CVEID: CVE-2023-32681 DESCRIPTION: Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to...

6.1 CVSS | 6.3 AI score | 0.05933 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 9:33 a.m. | 5 views

Security Bulletin: Vulnerability in jetty-io affects IBM Netezza Appliance

Summary: The jetty-io package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-1948 Vulnerability Details: CVEID: CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the...

7.5 CVSS | 6.5 AI score | 0.00576 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 9:29 a.m. | 7 views

Security Bulletin: Vulnerability in zookeeper affects IBM Netezza Appliance

Summary: The zookeeper package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-58457 Vulnerability Details: CVEID: CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore...

4.3 CVSS | 6.8 AI score | 0.00112 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 9:25 a.m. | 3 views

Security Bulletin: Vulnerability in nimbus-jose-jwt affects IBM Netezza Appliance

Summary: The nimbus-jose-jwt package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-53864 Vulnerability Details: CVEID: CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker ...

5.8 CVSS | 6.5 AI score | 0.00143 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 7:24 a.m. | 4 views

Security Bulletin: Vulnerability in netty-handler affects IBM Netezza Appliance

Summary: The netty-handler package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-24970 Vulnerability Details: CVEID: CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in...

7.5 CVSS | 6.7 AI score | 0.00953 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 7:1 a.m. | 4 views

Security Bulletin: Vulnerability in commons-lang;commons-lang3 affects IBM Netezza Appliance

Summary: The commons-lang;commons-lang3 package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-48924 Vulnerability Details: CVEID: CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache...

5.3 CVSS | 6.5 AI score | 0.00099 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 7:0 a.m. | 16 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

Summary: Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details: CVEID: CVE-2025-41234 DESCRIPTION: In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a...

9.8 CVSS | 7.7 AI score | 0.60417 EPSS
Exploits 8 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 6:45 a.m. | 7 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (December 2025)

Summary: Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details: CVEID: CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling...

8.8 CVSS | 7.2 AI score | 0.00092 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 6:16 a.m. | 4 views

Security Bulletin: Vulnerability in spring-core affects IBM Netezza Appliance

Summary: The spring-core package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-41249 Vulnerability Details: CVEID: CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods...

7.5 CVSS | 6.2 AI score | 0.00112 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 6:10 a.m. | 6 views

Security Bulletin: Vulnerability in libtiff affects IBM Netezza Appliance

Summary: The libtiff package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-9900, CVE-2025-8176 Vulnerability Details: CVEID: CVE-2025-9900 DESCRIPTION: A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered...

8.8 CVSS | 7.1 AI score | 0.00067 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 5:55 a.m. | 14 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

Summary: Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details: CVEID: CVE-2025-41234 DESCRIPTION: In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a...

9.8 CVSS | 7.8 AI score | 0.60417 EPSS
Exploits 8 | Affected Software 1

IBM Security Bulletins
added 2025/12/16 5:45 a.m. | 8 views

Security Bulletin: Vulnerability in reactor-netty-http affects IBM Netezza Appliance

Summary: The reactor-netty-http package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-22227 Vulnerability Details: CVEID: CVE-2025-22227 DESCRIPTION: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. I...

6.1 CVSS | 6.2 AI score | 0.0011 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 11:12 p.m. | 10 views

Security Bulletin: QRadar Suite Software includes components with a known vulnerability

Summary: QRadar Suite Software includes components with a known vulnerability in React Server Components. This has been addressed in the update. Vulnerability Details: CVEID: CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versio...

10 CVSS | 7.8 AI score | 0.84489 EPSS
Exploits 362 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 8:41 p.m. | 9 views

Security Bulletin: IBM Concert is vulnerable to remote code execution due to React (CVE-2025-55182)

Summary: IBM Concert uses React which is vulnerable to remote code execution. Vulnerability Details: CVEID: CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following...

10 CVSS | 8.2 AI score | 0.84489 EPSS
Exploits 362 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 8:38 p.m. | 8 views

Security Bulletin: IBM DataPower Gateway affected by multiple vulnerabilities in OS kernel

Summary: Multiple vulnerabilities were addressed in IBM DataPower Gateway in version 10.6.6.0 Vulnerability Details: CVEID: CVE-2025-21999 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode Fix race between rmmod and /proc/XXX's inode...

7.8 CVSS | 5.2 AI score | 0.00105 EPSS
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 8:22 p.m. | 8 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now fixed in Storage Scale System 6.2.3.3 and 7.0.0.0 or higher

Summary: The following vulnerabilities, which can affect IBM Storage Scale System could provide weaker-than-expected security, are now fixed in Storage Scale System 6.2.3.3 and 7.0.0.0 or higher CVE-2024-50058, CVE-2024-46697, CVE-2024-43855, CVE-2024-42294, CVE-2024-36930, CVE-2024-42316,...

7.8 CVSS | 6 AI score | 0.08833 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 5:5 p.m. | 6 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by SMTP injection due to Jakarta Mail (CVE-2025-7962) in IBM WebSphere Application Server Liberty

Summary: SPSS Collaboration and Deployment Services is affected by SMTP injection due to Jakarta Mail CVE-2025-7962 in IBM WebSphere Application Server Liberty. This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is...

7.5 CVSS | 4.3 AI score | 0.00054 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 3:43 p.m. | 5 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect its use of the MIME4J library

Summary: Due to the use of the MIME4J library, Rational Performance Tester contains vulnerabilities that could result in improper input validation. Vulnerability Details: CVEID: CVE-2024-21742 DESCRIPTION: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM...

5.3 CVSS | 7.2 AI score | 0.00636 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 3:39 p.m. | 15 views

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities

Summary: IBM HTTP Server used by IBM WebSphere Application Server is affected by multiple vulnerabilities due to libexpat and the included Apache HTTP Server. Vulnerability Details: CVEID: CVE-2025-66200 DESCRIPTION: mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP...

8.3 CVSS | 6.5 AI score | 0.00145 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 3:39 p.m. | 11 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary: Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.2.2 Vulnerability Details: CVEID: CVE-2025-29087 DESCRIPTION: In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws SQL function can cause memory to be written beyond the end of a malloc-allocated...

8.2 CVSS | 7.1 AI score | 0.07815 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 3:38 p.m. | 5 views

Security Bulletin: Rational Performance Tester contains a vulnerability which could effect its use of the MIME4J library

Summary: Due to the use of the MIME4J library, Rational Performance Tester contains a vulnerability that could potentially allow access to sensitive data. Vulnerability Details: CVEID: CVE-2022-45787 DESCRIPTION: Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvid...

5.5 CVSS | 5.2 AI score | 0.00009 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 3:26 p.m. | 10 views

Security Bulletin: Rational Performance Tester contains a vulnerability which could result in a denial of service

Summary: Due to the use of the json-path library, Rational Performance Tester contains a vulnerability which could result in a potential denial of service attack. Vulnerability Details: CVEID: CVE-2023-51074 DESCRIPTION: json-path v2.8.0 was discovered to contain a stack overflow via the...

5.3 CVSS | 6.6 AI score | 0.00116 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 3:11 p.m. | 5 views

Security Bulletin: Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty

Summary: Due to the use of Eclipse Jetty, Rational Performance Tester contains vulnerabilities that could result in a denial of service condition or bypass security restrictions. Vulnerability Details: CVEID: CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's...

6.5 CVSS | 6.8 AI score | 0.01189 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 3:4 p.m. | 4 views

Security Bulletin: Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty

Summary: Due to the use of Eclipse Jetty, Rational Service Tester contains vulnerabilities that could lead to a potential denial of service attack or bypass security restrictions. Vulnerability Details: CVEID: CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's...

6.5 CVSS | 6.8 AI score | 0.01189 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 2:2 p.m. | 7 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-12635)

Summary: WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a cross-site scripting vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulleti...

5.4 CVSS | 5.5 AI score | 0.00019 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 12:53 p.m. | 3 views

Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Java Runtime Environment

Summary: While IBM DataPower Gateway does not use Java, some bundled components do, and the JRE has been updated proactively to address this CVE-2025-53057, CVE-2025-53066 Vulnerability Details: CVEID: CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security...

7.5 CVSS | 6.8 AI score | 0.00068 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 12:35 p.m. | 6 views

Security Bulletin: Vulnerability in expat affects IBM Netezza Appliance

Summary: The expat package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-59375 Vulnerability Details: CVEID: CVE-2025-59375 DESCRIPTION: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small docume...

7.5 CVSS | 5.9 AI score | 0.00102 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 11:19 a.m. | 6 views

Security Bulletin: due to the use of Apache Commons BeanUtils, IBM Transformation Extender Advanced is vulnerable to Improper Access Control vulnerability

Summary: Apache Commons BeanUtils is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. CVE-2024-47554 Vulnerability Details: CVEID: CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A...

8.8 CVSS | 7.2 AI score | 0.00258 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 11:19 a.m. | 4 views

Security Bulletin: due to the use of Apache Commons Lang, IBM Transformation Extender Advanced is vulnerable to Uncontrolled Recursion vulnerability

Summary: Apache Commons Lang is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. CVE-2024-47554 Vulnerability Details: CVEID: CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This...

5.3 CVSS | 6.2 AI score | 0.00131 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 11:18 a.m. | 7 views

Security Bulletin: due to the use of Apache Commons FileUpload, IBM Transformation Extender Advanced is vulnerable to DoS vulnerability

Summary: Apache Commons FileUpload is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers. CVE-2024-47554 Vulnerability Details: CVEID: CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient...

7.5 CVSS | 6.6 AI score | 0.01278 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 8:2 a.m. | 49 views

Security Bulletin: Vulnerability in openssh and libssh libraries (CVE-2023-28709) affects Power HMC

Summary: The openssh and libssh libraries are used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process ...

7.5 CVSS | 6.6 AI score | 0.54214 EPSS
Exploits 4 | Affected Software 1

IBM Security Bulletins
added 2025/12/15 5:56 a.m. | 6 views

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to IBM® SDK, Java™ Technology Edition

Summary: Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Storage Insights which could allow a remote attacker to cause high confidentiality and high integrity impact. Vulnerability Details: CVEID: CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM fo...

8.1 CVSS | 5.7 AI score | 0.02123 EPSS
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/12/12 9:4 p.m. | 5 views

Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to Jansson

Summary: IBM DataPower Gateway uses Jansson as part of the On Demand Router ODR component Vulnerability Details: CVEID: CVE-2013-6401 DESCRIPTION: Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to caus...

5 CVSS | 6.4 AI score | 0.00341 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/12 8:44 p.m. | 13 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by multiple Apache Tomcat vulnerabilities (CVE-2025-55752, CVE-2025-61795)

Summary: Apache Tomcat is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the user web interface and API. CVE-2025-55752, CVE-2025-61795 Vulnerability Details: CVEID: CVE-2025-55752 DESCRIPTION: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a...

7.5 CVSS | 7.5 AI score | 0.00274 EPSS
Exploits 4 | Affected Software 1

IBM Security Bulletins
added 2025/12/12 8:43 p.m. | 4 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to an Insufficient Session Expiration vulnerability (CVE-2025-36)

Summary: IBM DevOps Deploy / IBM UrbanCode Deploy UCD is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network...

5 CVSS | 6.4 AI score | 0.00031 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/12 8:42 p.m. | 5 views

Security Bulletin: IBM DevOps Deploy is susceptible to a Cleartext Transmission of Sensitive Information (CVE-2025-13489)

Summary: Certain versions of the IBM DevOps Deploy include a configuration file that does not enforce redirecting HTTP traffic to HTTPS as intended CVE-2025-13489 Vulnerability Details: CVEID: CVE-2025-13489 DESCRIPTION: IBM DevOps Deploy transmits data in clear text that could allow an attacker to...

5.9 CVSS | 6.2 AI score | 0.00013 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/12 8:42 p.m. | 7 views

Security Bulletin: IBM DevOps Deploy is susceptible to a Insufficiently Protected Credentials vulnerability (CVE-2025-14148)

Summary: IBM DevOps Deploy could allow an authenticated user with LLM integration configuration privileges to recover a previously saved LLM API Token. CVE-2025-14148 Vulnerability Details: CVEID: CVE-2025-14148 DESCRIPTION: IBM DevOps Deploy could allow an authenticated user with LLM integration...

6.5 CVSS | 6.5 AI score | 0.00031 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/12 8:24 p.m. | 6 views

Security Bulletin: Vulnerabilities in Apache Kafka Client affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary: Potential vulnerability in Apache Kafka Client has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-27817...

7.5 CVSS | 6.8 AI score | 0.21423 EPSS
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2025/12/12 3:28 p.m. | 5 views

Security Bulletin: Vulnerabilities in Fasterxml Jackson, FasterXML Jackson Core, Bouncy Castle Java, Netty, Hibernate Validator, JCraft JSch, Apache Tomcat, Bootstrap might affect IBM Storage Defender Copy Data Management

Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Fasterxml Jackson, FasterXML Jackson Core, Bouncy Castle Java, Netty, Hibernate Validator, JCraft JSch, Apache Tomcat, Bootstrap. Vulnerabilities include Jackson-Modules-Java8 that can result in Causes a...

7.5 CVSS | 7.1 AI score | 0.26672 EPSS
Exploits 5 | Affected Software 1

IBM Security Bulletins
added 2025/12/12 3:25 p.m. | 8 views

Security Bulletin: Vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie might affect IBM Storage Defender Copy Data Management

Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eran Hammer cryptiles, PostCSS, Node.js, node-notifier, es5-ext, MySQL Connectors, json-path and tough-cookie. Vulnerabilities include an attacker is able to brute force something that was supposed to be random, ...

9.8 CVSS | 7.5 AI score | 0.06248 EPSS
Exploits 6 | Affected Software 1

IBM Security Bulletins
added 2025/12/12 2:2 p.m. | 5 views

Security Bulletin: IBM i is affected by an out-of-bounds read and write in OpenSSL [CVE-2025-9230]

Summary: OpenSSL for IBM i is vulnerable to an out-of-bounds read and write when decrypting CMS messages encrypted using password based encryption CVE-2025-9230 as described in the vulnerability details section. Vulnerability Details: CVEID: CVE-2025-9230 DESCRIPTION: Issue summary: An application...

7.5 CVSS | 7 AI score | 0.00041 EPSS
Exploits 0 | Affected Software 6

IBM Security Bulletins
added 2025/12/12 1:24 p.m. | 6 views

Security Bulletin: Vulnerabilities in Eclipse Jersey might affect IBM Storage Defender Copy Data Management

Summary: IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eclipse Jersey. Vulnerabilities include a race condition can cause ignoring of critical SSL configurations which could lead to unauthorized trust in insecure servers as described by the CVEs in the "Vulnerabilit...

9.4 CVSS | 6.8 AI score | 0.00042 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/12/12 1:4 p.m. | 5 views

Security Bulletin: Vulnerabilities in brace-expansion, tmp, urllib3, pycryptodomex and cross-site request forgery might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary: IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in brace-expansion, tmp, urllib3, pycryptodomex, and cross-site request forgery. Vulnerabilities include launching remote attacks, arbitrary file and directory writes, obtain sensitive information, disabl...

6.5 CVSS | 5.8 AI score | 0.00469 EPSS
Exploits 3 | Affected Software 1

Total number of security vulnerabilities: 34926