34926 matches found

IBM Security Bulletins
added 2025/09/16 2:27 p.m., 5 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-5889]

Summary Node.js module brace-expansion is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...

CVSS 3.1 | AI score 5.4 | EPSS 0.00092 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/16 12:29 p.m., 3 views

Security Bulletin: IBM ICCSAP cross site scripting vulnerability fix.

Summary Vulnerability were disclosed part of Cross Site Scripting With PDF Vulnerability Details CVEID:CVE-2024-4367 DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126,...

CVSS 8.8 | AI score 7.8 | EPSS 0.40321 | Exploits 14 | Affected Software 2

IBM Security Bulletins
added 2025/09/16 11:52 a.m., 3 views

Security Bulletin: WebSphere Application Server bundled with IBM Tivoli Composite Application Manager for Application Diagnostics is affected by a remote attacker to bypass security restrictions

Summary WebSphere Application Server is included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. CVE-2024-56339 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

CVSS 7.5 | AI score 6.6 | EPSS 0.00132 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/16 11:40 a.m., 3 views

Security Bulletin: Due to the use of Google Go, IBM Cloud Pak Sys is affected by an infinite loop when unmarshaling certain forms of invalid JSON

Summary Vulnerability in Go used by Cloud Pak System CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which...

CVSS 7.5 | AI score 6.5 | EPSS 0.00533 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/16 10:13 a.m., 18 views

Security Bulletin: IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493.

Summary IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

CVSS 8.2 | AI score 6.7 | EPSS 0.00308 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/16 9:57 a.m., 12 views

Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.302 Vulnerability Details CVEID:CVE-2025-0913 DESCRIPTION: os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a...

CVSS 9.8 | AI score 6.7 | EPSS 0.01689 | Exploits 4 | Affected Software 1

IBM Security Bulletins
added 2025/09/16 4:54 a.m., 3 views

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition could provide weaker than expected security for TLS connections

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, could provide weaker than expected security for TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...

AI score 6.5 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/16 4:47 a.m., 6 views

Security Bulletin: IBM App Connect Enterprise Toolkit and Integration Bus for z/OS Toolkit are vulnerable to an Origin Validation Error due to Paho Java Client (CVE-2019-11777)

Summary IBM App Connect Enterprise Toolkit and Integration Bus for z/OS Toolkit are vulnerable to an Origin Validation Error due to Paho Java Client. Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server...

CVSS 7.5 | AI score 6.5 | EPSS 0.01278 | Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2025/09/15 6:24 p.m., 10 views

Security Bulletin: Vulnerability in HMC affects improper neutralization of input during web page generation ('Cross-site Scripting') (CVE-2025-36125) on Power HMC.

Summary Vulnerability in HMC affects improper neutralization of input during web page generation 'Cross-site Scripting' on Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36125 DESCRIPTION: IBM Hardware Management Console - Power i...

CVSS 6.4 | AI score 5.9 | EPSS 0.00036 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/15 4:27 p.m., 9 views

Security Bulletin: IBM OpenPages Application API Response Caching Header Update

Summary Some IBM OpenPages API responses currently use the caching directive Cache-Control: max-age=0 instead of the more secure Cache-Control: no-store. While max-age=0 means the content is immediately stale, it may still be stored temporarily in browsers or intermediary caches. For sensitive...

CVSS 4 | AI score 6.4 | EPSS 0.00019 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/15 3:56 p.m., 5 views

Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2025 - Includes OpenJDK April 2025 CPU plus two additional CVEs

Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2025 - Includes OpenJDK April 2025 CPU with CVEs CVE-2025-21587, CVE-2025-30698, CVE-2025-2900, and CVE-2025-4447 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

CVSS 7.8 | AI score 6.6 | EPSS 0.00234 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/15 3:52 p.m., 2 views

Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs

Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU with CVEs CVE-2024-21217, CVE-2024-21208, CVE-2024-10917, CVE-2024-9143 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

CVSS 5.3 | AI score 6.7 | EPSS 0.00883 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/15 3:50 p.m., 4 views

Security Bulletin: IBM OpenPages fixes multer package vulnerability

Summary Vulnerability in the multer-1.4.5-lts.1.tgz package with IBM OpenPages has been addressed in the latest IBM OpenPages fix pack version for 9.0 and mod version for 9.1 Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data...

CVSS 7.5 | AI score 7.1 | EPSS 0.00177 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/15 2:46 p.m., 5 views

Security Bulletin: IBM watsonx Code Assistant On Prem product affected by h11 HTTP Chunk Handling Vulnerability

Summary A vulnerability CVE-2025-43859 has been identified in the h11 Python library, which impacts the IBM watsonx Code Assistant On-Premises product. This bulletin outlines the necessary steps to address and remediate the vulnerability. Vulnerability Details CVEID:CVE-2025-43859 DESCRIPTION: h1...

CVSS 9.1 | AI score 7 | EPSS 0.00202 | Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2025/09/15 1:42 p.m., 5 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager ( CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

CVSS 8.1 | AI score 6.7 | EPSS 0.02123 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/09/15 1:10 p.m., 5 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security vulnerability ha...

CVSS 8.8 | AI score 6.8 | EPSS 0.21423 | Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2025/09/15 7:56 a.m., 2 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses crypto/x509 which is vulnerable to this CVE-2025-22874

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses crypto/x509 which is vulnerable to this CVE-2025-22874 Vulnerability Details CVEID:CVE-2025-22874 DESCRIPTION: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally...

CVSS 7.5 | AI score 6.7 | EPSS 0.00076 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/15 7:4 a.m., 6 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF001 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be us...

CVSS 9.8 | AI score 7.3 | EPSS 0.03834 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/09/12 10:12 p.m., 6 views

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...

CVSS 4.8 | AI score 5.3 | EPSS 0.00459 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/12 9:17 p.m., 5 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

CVSS 5.3 | AI score 6.6 | EPSS 0.00876 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/12 9:16 p.m., 2 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

CVSS 5.3 | AI score 6.6 | EPSS 0.00876 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/12 9:14 p.m., 8 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

CVSS 5.3 | AI score 6.6 | EPSS 0.00876 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/12 8:46 p.m., 2 views

Security Bulletin: A vulnerability in IBM Java SDK (July 2025) affects IBM InfoSphere Information Server (CVE-2025-30754)

Summary There is a vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. The issue was disclosed as part of the IBM Java SDK updates in July 2025. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Jav...

CVSS 4.8 | AI score 5.2 | EPSS 0.00459 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/12 5:11 p.m., 7 views

Security Bulletin: This Power System update is being released to address CVE-2025-36035

Summary The PowerVM hypervisor is vulnerable to a carefully crafted IBMi hypervisor call that can crash system or make a limited amount of system memory available Vulnerability Details CVEID:CVE-2025-36035 DESCRIPTION: The PowerVM hypervisor could allow a local privileged user to cause a denial o...

CVSS 6.7 | AI score 6.2 | EPSS 0.00014 | Exploits 0

IBM Security Bulletins
added 2025/09/12 4:53 p.m., 13 views

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities.

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. CVE-2025-21587, CVE-2025-30698, CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE...

CVSS 7.8 | AI score 6.7 | EPSS 0.00234 | Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2025/09/12 3:32 p.m., 4 views

Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities [CVE-2024-57965, CVE-2025-27152]

Summary IBM Security SOAR uses an older version of axios that may be identified and exploited. Updates for supported versions have been released which address the issues. It is recommended customers upgrade to the latest applicable fix pack 51.0.7.0 Vulnerability Details CVEID:CVE-2024-57965...

CVSS 9.8 | AI score 6.7 | EPSS 0.00212 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/09/12 11:21 a.m., 11 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-22097 DESCRIPTION: In the Linux kernel, the following vulnerability has...

CVSS 7.8 | AI score 6.3 | EPSS 0.0009 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/12 11:18 a.m., 6 views

Security Bulletin: IBM QRadar SIEM is affected by improper permission assignment (CVE-2025-0164)

Summary IBM QRadar SIEM is affected by improper permission assignment. Local privileged users may perform unauthorized actions on configuration files. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-0164 DESCRIPTION: IBM QRadar SIEM could allow a local...

CVSS 2.3 | AI score 6.2 | EPSS 0.00015 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/12 7:33 a.m., 3 views

Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-50059...

CVSS 8.6 | AI score 6.6 | EPSS 0.02123 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/09/12 2:25 a.m., 9 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-56339, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-48976, CVE-2025-36097)

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-56339, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-48976, CVE-2025-36097. This has been addressed in the remediation section. Vulnerability...

CVSS 7.5 | AI score 6.8 | EPSS 0.01278 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 7:35 p.m., 6 views

Security Bulletin: Security Vulnerabilities in Java and Liberty affect IBM Voice Gateway

Summary Multiple vulnerabilities were addressed in IBM Voice Gateway. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging...

CVSS 8.1 | AI score 6.8 | EPSS 0.02123 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 6:22 p.m., 4 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D...

CVSS 8.1 | AI score 6.5 | EPSS 0.02123 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 6:21 p.m., 8 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and...

CVSS 7.8 | AI score 6.6 | EPSS 0.00234 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 6:20 p.m., 8 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 5.3 | AI score 5.2 | EPSS 0.00303 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 6:19 p.m., 6 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Support...

CVSS 8.1 | AI score 6.5 | EPSS 0.02123 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 6:19 p.m., 3 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and hi...

CVSS 7.8 | AI score 6.6 | EPSS 0.00234 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 6:18 p.m., 22 views

Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion

Summary Multiple vulnerabilities affecting IBM Fusion and IBM Fusion HCI could have resulted in reduced security. These issues have since been resolved. CVE-2025-36222, CVE-2025-47273, CVE-2025-26791, CVE-2025-22870, CVE-2025-27817, CVE-2024-31141, CVE-2025-27818, CVE-2024-47081, CVE-2025-48379,...

CVSS 9.8 | AI score 8.3 | EPSS 0.21423 | Exploits 12 | Affected Software 3

IBM Security Bulletins
added 2025/09/11 6:17 p.m., 2 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

CVSS 5.3 | AI score 5.2 | EPSS 0.00303 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 6:16 p.m., 5 views

Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to the Use of Insufficiently Random Values due to form_data.Js (CVE-2025-7783)

Summary The Data Cataloging Service in IBM Fusion and IBM Fusion HCI uses the formdata.js package which is vulnerable to the use of insufficiently random values which allows an attacker to deduce the state of the pseudo-random number generator in formdata and to craft payloads that include...

CVSS 9.4 | AI score 6.7 | EPSS 0.01319 | Exploits 1 | Affected Software 3

IBM Security Bulletins
added 2025/09/11 6:15 p.m., 5 views

Security Bulletin: IBM Fusion HCI is vulnerable to Authorization Bypass due to Golang x/crypto (CVE-2024-45337, CVE-2025-22869)

Summary IBM Fusion HCI includes, but does not run or call, an SSH Server that is part of the Golang x/crypto module. This SSH Server is vulnerable to Denial of Service and Authorization Bypass. CVE-2024-45337, CVE-2025-22869 Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers whic...

CVSS 9.1 | AI score 7.6 | EPSS 0.32338 | Exploits 2 | Affected Software 2

IBM Security Bulletins
added 2025/09/11 6:9 p.m., 3 views

Security Bulletin: IBM Fusion and IBM Fusion HCI are vulnerable to cross-site scripting due to DOMPurify (WS-2024-0017)

Summary The Fusion Web UI uses DOMPurify which is vulnerable to an attacker bypassing sanitizers and executing JavaScript code. WS-2024-0017 Vulnerability Details WSID: WS-2024-0017 DESCRIPTION: Insufficient checks in DOMPurify allows an attacker to bypass sanitizers and execute arbitrary...

AI score 6.8 | Exploits 0 | Affected Software 3

IBM Security Bulletins
added 2025/09/11 2:16 p.m., 11 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-23166 DESCRIPTION: The C++ method...

CVSS 7.5 | AI score 7.3 | EPSS 0.00304 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 2:12 p.m., 6 views

Security Bulletin: Vulnerabilities in Smallrye affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Smallrye has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-2240 DESCRIPTION: A flaw w...

CVSS 7.5 | AI score 6.3 | EPSS 0.00344 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 1:57 p.m., 6 views

Security Bulletin: Publicly disclosed libcurl vulnerabilities affects IBM Safer Payments (CVE-2024-9681)

Summary Libcurl is used by IBM Safer Payments as part of the AVRO support for Kafka. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2024-9681 DESCRIPTION: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making ...

CVSS 6.5 | AI score 6.4 | EPSS 0.00745 | Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 11:41 a.m., 14 views

Security Bulletin: Multiple vulnerabilities in NodeJS affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor packages a vulnerable version of the NodeJS runtime and a vulnerable module. Vulnerability Details CVEID:CVE-2025-23165 DESCRIPTION: In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a...

CVSS 7.5 | AI score 6.5 | EPSS 0.06002 | Exploits 6 | Affected Software 2

IBM Security Bulletins
added 2025/09/11 11:32 a.m., 6 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server traditional shipped with IBM Business Automation Workflow (CVE-2025-48976)

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security...

CVSS 7.5 | AI score 6.4 | EPSS 0.01278 | Exploits 1 | Affected Software 2

IBM Security Bulletins
added 2025/09/11 11:30 a.m., 3 views

Security Bulletin: Multiple security vulnerabilities in Java affect IBM Business Automation Workflow - July 2025 CPU

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow and requires IBM Java 8. Information about security vulnerabilities in IBM Java 8 have been published. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fix...

AI score 6.5 | Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2025/09/11 9:1 a.m., 6 views

Security Bulletin: Arbitrary File and Directory Creation via Volume Sharing Race Condition in runc , affects watsonx.data

Summary runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two...

CVSS 3.6 | AI score 6.6 | EPSS 0.0015 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 8:59 a.m., 5 views

Security Bulletin: Uncontrolled Resource Consumption in Apache Commons Configuration 1.x When Loading Untrusted Configurations, affects watsonx.data

Summary Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons...

CVSS 6.5 | AI score 7 | EPSS 0.00762 | Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2025/09/11 8:52 a.m., 9 views

Security Bulletin: Arbitrary File Read and SSRF via Unrestricted URL Configuration in Apache Kafka Client SASL/OAUTHBEARER Settings, affects watsonx.data

Summary A vulnerability in Apache Kafka Client allows for arbitrary file read and Server-Side Request Forgery SSRF through misconfigured SASL/OAUTHBEARER settings, specifically the sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url parameters. If client configurations are...

CVSS 8.8 | AI score 6.8 | EPSS 0.21423 | Exploits 2 | Affected Software 1

Total number of security vulnerabilities: 34926