Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 1:39 p.m.5 views

Security Bulletin: IBM Storage Protect Server is susceptible to a vulnerability due to Golang CoreDNS library

Summary Golang CoreDNS library is used by the IBM Storage Protect Server OSSM component. Golang CoreDBS is vulnerable to Denial of service , This bulletin identifies the steps to address the vulnerabilities. CVE-2025-58063. Vulnerability Details CVEID:CVE-2025-58063 DESCRIPTION: CoreDNS is a DNS...

7.1CVSS8.5AI score0.00407EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 1:38 p.m.4 views

Security Bulletin: IBM Storage Protect Server is vulnerable to remote compromise by unauthenticated attacker with network access via multiple protocols due to IBM SDK, Java (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761,CVE-2025-30754)

Summary IBM SDK, Java is vulnerable to remote compromise by unauthenticated attacker with network access via multiple protocols IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the...

8.1CVSS6.2AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 1:37 p.m.5 views

Security Bulletin: Security Configuration vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2024-56339)

Summary IBM WebSphere Application Server Liberty is vulnerable to a security configuration attack which can affect IBM Spectrum Protect formerly Tivoli Storage Manager Operations Center. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere...

7.5CVSS6AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 1:14 p.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM QRadar SIEM

Summary Multiple vulnerabilities were addressed in IBM QRadar SIEM version 7.5.0 UP14 IF02 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrit...

8.6CVSS6.3AI score0.9378EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 12:47 p.m.8 views

Security Bulletin: IBM Storage Protect Server is susceptible to a vulnerability due to Golang coredns library

Summary Golang coredns library is used by the IBM Storage Protect Server Object Agent and OSSM component. Golang coredns is vulnerable to Denial of Service, This bulletin identifies the steps to address the vulnerabilities. CVE-2025-47950. Vulnerability Details CVEID:CVE-2025-47950 DESCRIPTION:...

7.5CVSS8.1AI score0.01132EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 12:22 p.m.4 views

Security Bulletin: Vulnerability in IBM Java may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Space Management and IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by ulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM...

8.1CVSS6AI score0.01058EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 9:12 a.m.14 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.0

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotatio...

9.1CVSS8.6AI score0.01916EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 8:46 a.m.7 views

Security Bulletin: Multiple Vulnerabilities affect IBM Watson Studio in Cloud Pak for Data.

Summary Multiple vulnerabilities have been addressed in IBM Watson Studio in Cloud Pak for Data version 5.2.2 Vulnerability Details CVEID:CVE-2024-3568 DESCRIPTION: The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the...

9.8CVSS9.1AI score0.02803EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 8:22 a.m.6 views

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms.

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address these vulnerabilities Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js...

7.5CVSS7AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 8:20 a.m.8 views

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard.

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard. IBM WebSphere Liberty has been updated within IBM CICS TX Standard to address these vulnerabilities. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before...

7.5CVSS6.9AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 8:17 a.m.4 views

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced.

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before...

7.5CVSS6.9AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 8:3 a.m.7 views

Security Bulletin: IBM Storage Protect Operations Center is vulnerable to improper access control and stack overflow due to IBM SDK, Java (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary IBM SDK, Java is vulnerable to improper access control and stack overflow, IBM Storage Protect Operations Center uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the...

7.8CVSS6.3AI score0.0073EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 8:2 a.m.7 views

Security Bulletin: IBM Storage Protect Server is vulnerable to improper access control and stack overflow due to IBM SDK, Java (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary IBM SDK, Java is vulnerable to improper access control and stack overflow, IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL...

7.8CVSS6.3AI score0.0073EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 5:51 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses torch - 2.2.0+cpu which is vulnerable to CVE-2025-32434.

Summary IBM Maximo Application Suite - Monitor Component uses torch - 2.2.0+cpu which is vulnerable to CVE-2025-32434. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-32434 DESCRIPTION: PyTorch is a Python package that provides tensor...

9.8CVSS6.9AI score0.01878EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 5:22 a.m.6 views

Security Bulletin: Apache Tomcat Improper Resource Shutdown Enables Made You Reset Attack, affects watsonx.data

Summary Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be...

7.5CVSS6.8AI score0.03389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 5:21 a.m.8 views

Security Bulletin: Moby Multiple Concurrency and NULL Pointer Dereference Vulnerabilities Leading to DoS and Data Corruption, affects watsonx.data

Summary Multiple vulnerabilities affect Moby across versions 25.x–26.0.2, including a NULL pointer dereference in daemon/images/imagehistory.go v25.0.0–v26.0.2 that can crash the daemon, a race condition in builder/builder-next/adapters/snapshot/layer.go v25.0.5 that allows concurrent builds to...

8.1CVSS8.6AI score0.00779EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 5:20 a.m.5 views

Security Bulletin: Oracle Java SE and GraalVM 2D Component Remote Code Execution Vulnerability, affects watsonx.data

Summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and...

8.6CVSS6.8AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 10:26 p.m.5 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale if the HDFS layer is enabled are now addressed in 5.2.3.5 (CVE-2025-58056, CVE-2025-58057)

Summary The following vulnerabilities, which may affect IBM Storage Scale when the HDFS layer is enabled and could lead to weaker-than-expected security, have been remediated in Storage Scale version 5.2.3.5 or later: CVE-2025-58056, CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58056...

7.5CVSS6.3AI score0.00631EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 8:57 p.m.8 views

Security Bulletin: Vulnerabilities in gnutls affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in gnutls affect IBM Storage Virtualize products and could cause denial of service, confidentiality and integrity impacts. CVE-2025-32988 CVE-2025-32989. Vulnerability Details CVEID:CVE-2025-32988 DESCRIPTION: A flaw was found in GnuTLS. A double-free vulnerability exists ...

8.2CVSS6.5AI score0.01185EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 2:46 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor...

8.7CVSS6.9AI score0.64718EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 2:43 p.m.31 views

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...

9.3CVSS8.1AI score0.17027EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 2:9 p.m.8 views

Security Bulletin: IBM Edge Data Collector uses http-proxy-middleware - 2.0.7 which is vulnerable to CVE-2025-32996, CVE-2025-32997.

Summary IBM Edge Data Collector uses http-proxy-middleware - 2.0.7 which is vulnerable to CVE-2025-32996, CVE-2025-32997. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-32996 DESCRIPTION: In http-proxy-middleware before 2.0.8 and 3.x before...

5.3CVSS6.7AI score0.00414EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 2:8 p.m.9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6051.

Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6051. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-6051 DESCRIPTION: A Regular Expression Denial of Service...

5.3CVSS6.7AI score0.00349EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 1:28 p.m.10 views

Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to C-Ares

Summary C-Ares is used in IBM DataPower Gateway's DNS resolver Vulnerability Details CVEID:CVE-2025-31498 DESCRIPTION: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS...

8.3CVSS6.5AI score0.00555EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 1:9 p.m.5 views

Security Bulletin: IBM QRadar SIEM is affected by an information disclosure vulnerability

Summary IBM QRadar SIEM is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update. Vulnerability Details CVEID:CVE-2024-56464 DESCRIPTION: IBM QRadar SIEM could allow a privileged user to enumerate...

2.7CVSS6AI score0.00249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 8:44 a.m.6 views

Security Bulletin: gRPC HTTP/2 HPACK Desynchronization Vulnerability Allowing Header Leakage and Privilege Escalation, affects watsonx.data

Summary When gRPC encountered an exceeded header size error, it stopped parsing the remainder of the HPACK frame. This also prevented HPACK dynamic table updates from being processed, causing the sender and receiver HPACK tables to fall out of sync. In environments using an HTTP 2 proxy in front ...

7.5CVSS6.6AI score0.00531EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 8:41 a.m.6 views

Security Bulletin: Jetty HTTP/2 Unvalidated SETTINGS_MAX_HEADER_LIST_SIZE Leads to Out-of-Memory DoS , affects watsonx.data

Summary In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified...

7.5CVSS6.8AI score0.00625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 7:2 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-5197.

Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-5197. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-5197 DESCRIPTION: A Regular Expression Deni...

5.3CVSS6.4AI score0.00361EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 6:12 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6921.

Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6921. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-6921 DESCRIPTION: The huggingface/transformers library,...

7.5CVSS6.7AI score0.00467EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/04 6:6 a.m.7 views

Security Bulletin: IBM Edge Data Collector usescurve25519-dalek-3.2.0.crate which is vulnerable to CVE-2024-58262.

Summary IBM Edge Data Collector usescurve25519-dalek-3.2.0.crate which is vulnerable to CVE-2024-58262. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-58262 DESCRIPTION: The curve25519-dalek crate before 4.1.3 for Rust has a constant-time...

5.1CVSS6.8AI score0.00152EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/03 7:6 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2025) affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2025. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...

7.5CVSS6.4AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/03 3:34 p.m.8 views

Security Bulletin: Denial of Service Vulnerability in jackson-core affect IBM Cloud Pak System[WS-2022-0468]

Summary Denial of Service Vulnerability in jackson-core was addressed in IBM Cloud Pak System version 2.3.6.0. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The methods in the classes listed below fail to restrict inpu...

6.7AI score
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/03 1:12 p.m.6 views

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Netcool Configuration Manager (ITNCM), is affected by SMTP injection due to Jakarta Mail(CVE-2025-7962).

Summary WebSphere Application Server, used by IBM Tivoli Netcool Configuration Manager ITNCM, is affected by SMTP injection due to Jakarta Mail. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

7.5CVSS7AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/03 11:23 a.m.6 views

Security Bulletin: Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885).

Summary Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability CVE-2025-8885. The FIPS 140-2 Bouncy Castle Crypto package has been updated in order to address the vulnerability. Vulnerability...

6.3CVSS6.7AI score0.00505EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/03 11:8 a.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Disconnected Log Collector

Summary Multiple vulnerabilities were addressed in IBM Disconnected Log Collector version 2.0.0. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...

8.8CVSS9.2AI score0.08665EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/03 8:28 a.m.8 views

Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility

Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate...

5.9CVSS7.1AI score0.00487EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/03 6:6 a.m.14 views

Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-46653...

8.1CVSS7.7AI score0.26049EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/03 4:15 a.m.12 views

Security Bulletin: WebSphere Application Server Liberty is could provide weaker than expected security due to crypto.js

Summary WebSphere Application Server Liberty is could provide weaker than expected security due to crypto.jsCVE-2020-36732 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an...

5.3CVSS6.8AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 7:10 p.m.10 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)

Summary There is a vulnerability in the Jakarta Mail library which affects IBM WebSphere Application Server traditional JavaMail and affects WebSphere Application Server Liberty with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details CVEID:CVE-2025-7962...

7.5CVSS5.2AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 4:28 p.m.7 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attacke...

8.7CVSS5.7AI score0.00689EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 2:51 p.m.14 views

Security Bulletin: Multiple vulnerabilities in IBM QRadar Use Case Manager app

Summary Multiple vulnerabilities were addressed in IBM QRadar Use Case Manager app version 4.1.0 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...

9.4CVSS5.5AI score0.02278EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 2:40 p.m.7 views

Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236)

Summary Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands CVE-2025-36251, CVE-2025-36250, obtain Network Installation Manager NIM private keys CVE-2025-36096, or traverse directories CVE-2025-36236. These vulnerabilities are addressed through the fixes referenced ...

10CVSS9.4AI score0.00632EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 12:30 p.m.5 views

Security Bulletin: Elasticsearch node crash triggered by crafted pipeline using PatternBank recursion, affects watsonx.data

Summary A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigne...

6.5CVSS6.7AI score0.00467EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 11:49 a.m.9 views

Security Bulletin:Multiple Vulnerabilities in IBM Event Endpoint Management

Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.7.0 Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

5.8CVSS5.8AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 11:45 a.m.6 views

Security Bulletin:Multiple Vulnerabilities in IBM Event Endpoint Management

Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.7.0 Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to 3.24.0, there is a potential data...

8.2CVSS6.2AI score0.02164EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 10:43 a.m.16 views

Security Bulletin: Vulnerability in IBM Java may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Space Management and IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by DDL component that could allow a remote attacker to cause high confidentiality...

7.8CVSS6.2AI score0.0073EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 10:39 a.m.10 views

Security Bulletin: Due to use of Business Automation Workflow, Cloud Pak System is affected by out-of-bounds write vulnerability [CVE-2022-42920]

Summary IBM Business Automation Workflow is shipped as IBM Business Automation Workflow Pattern Type pType of IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class...

9.8CVSS6.8AI score0.02836EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 9:40 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service with HTTP/2 and vulnerable to CVE-2025-36047.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service with HTTP/2 and vulnerable to CVE-2025-36047. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.8AI score0.00421EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 9:39 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service which is vulnerable to CVE-2025-36000.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service which is vulnerable to CVE-2025-36000. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-36000...

4.8CVSS6AI score0.00165EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 9:38 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a security bypass in JMS messaging which is vulnerable to CVE-2025-36124.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a security bypass in JMS messaging which is vulnerable to CVE-2025-36124. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.5AI score0.00369EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608