Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 4:9 p.m.•7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in tar

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in tar Vulnerability Details CVEID:CVE-2022-48303 DESCRIPTION: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to...

5.5CVSS6.4AI score0.04524EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 4:4 p.m.•5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in tar

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in tar Vulnerability Details CVEID:CVE-2021-20193 DESCRIPTION: A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to caus...

4.3CVSS5.7AI score0.01092EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 4:2 p.m.•4 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in node

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in node Vulnerability Details CVEID:CVE-2021-43803 DESCRIPTION: Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In...

7.5CVSS7.3AI score0.44824EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 3:47 p.m.•10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in axios-1.8.3.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in axios-1.8.3.tgz Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.j...

7.5CVSS6AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 2:43 p.m.•14 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.307 Vulnerability Details CVEID:CVE-2025-57810 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in C...

9.8CVSS9.5AI score0.07802EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 1:43 p.m.•4 views

Security Bulletin: IBM OpenPages mitigates Host header injection vulnerability (CVE-2025-36223)

Summary A vulnerability in IBM OpenPages could allow an attacker to manipulate the Host header in a request, potentially influencing the response data. In certain redirection scenarios, user navigation could be influenced in unintended ways, potentially leading to exposure to untrusted...

6.1CVSS6.2AI score0.00146EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 1:40 p.m.•3 views

Security Bulletin: IBM OpenPages Vulnerable to Information Disclosure (CVE-2025-27368)

Summary Application API vulnerability that exposes metadata for configurable fields due to insufficient access control checks in IBM OpenPages has been addressed. Vulnerability Details CVEID:CVE-2025-27368 DESCRIPTION: IBM OpenPages is vulnerable to information disclosure of sensitive information...

4.3CVSS6AI score0.00191EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 1:35 p.m.•10 views

Security Bulletin: Multiple Vulnerabilities in IBM webMethods BPM.

Summary Multiple vulnerabilities were addressed in IBM webMethods BPM. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...

7.5CVSS7.2AI score0.66933EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 1:30 p.m.•7 views

Security Bulletin: Due to the use of Eclipse JGit, IBM webMethods Integration is affected by denial of service, and other security issues.

Summary Eclipse JGit is used by IBM webMethods Integration in repository function CVE-2025-4949 Vulnerability Details CVEID:CVE-2025-4949 DESCRIPTION: In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implemen...

6.8CVSS6.4AI score0.0104EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 12:6 p.m.•9 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Semeru Java 17 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM Semeru Runtime Certified Edition, Version 17 and is affected by multiple vulnerabilities CVE-2025-53057, CVE-2025-53066, CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761 and CVE-2025-30754. Vulnerability Details...

8.6CVSS6.8AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/11 4:56 a.m.•10 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 8 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology Edition, Version 8 and is affected by multiple vulnerabilities CVE-2025-53066, CVE-2025-53057, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761 and CVE-2025-30754. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An...

8.1CVSS6.3AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 10:11 p.m.•10 views

Security Bulletin: Multiple Vulnerabilities in Hyper Converged Database

Summary Multiple vulnerabilities were addressed in Hyper Converged Database version 1.2.4 Vulnerability Details CVEID:CVE-2017-6519 DESCRIPTION: avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows...

9.1CVSS7.5AI score0.03082EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 12:5 p.m.•20 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Semeru Runtime Environment (CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)

Summary Multiple issues were identified with the IBM Semeru Runtime Environment which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component:...

8.6CVSS6.8AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 11:24 a.m.•4 views

Security Bulletin: IBM Jazz Reporting Service is vulnerable to uncontrolled resource consumption in Apache Commons IO.

Summary A vulnerability has been identified in the Apache Commons IO library. This issue affects IBM® Jazz Reporting Service and has been addressed as documented in the Remediation section CVE-2024-47554. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption...

4.3CVSS6.7AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 10:23 a.m.•18 views

Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector

Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 6.4.0. Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setti...

9.8CVSS8.3AI score0.19312EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 9:22 a.m.•6 views

Security Bulletin: WebSphere Application Server Liberty is affected by a security bypass in JMS messaging ( CVE-2025-36124)

Summary WebSphere Application Server Liberty is affected by a security bypass in JMS messaging CVE-2025-36124 Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions...

7.5CVSS6.7AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 9:12 a.m.•7 views

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 ( CVE-2025-36047)

Summary WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 CVE-2025-36047 Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a...

7.5CVSS6.9AI score0.00421EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 9:10 a.m.•7 views

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service ( CVE-2025-36000)

Summary WebSphere Application Server Liberty is affected by a denial of service CVE-2025-36000 Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a...

4.8CVSS6.1AI score0.00165EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 8:26 a.m.•19 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attack...

7.8CVSS6.9AI score0.0118EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 7:12 a.m.•5 views

Security Bulletin: There is a vulnerability in netty-codec-http2-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-55163)

Summary There is a vulnerability in netty-codec-http2-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions...

8.2CVSS6.5AI score0.00979EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 7:12 a.m.•6 views

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload ( CVE-2025-48976)

Summary WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload CVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache...

7.5CVSS6.7AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 7:12 a.m.•2 views

Security Bulletin: There is a vulnerability in netty-codec-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-58057)

Summary There is a vulnerability in netty-codec-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainabl...

7.5CVSS6.4AI score0.00561EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 7:11 a.m.•4 views

Security Bulletin: There is a vulnerability in netty-codec-http-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-58056)

Summary There is a vulnerability in netty-codec-http-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable...

7.5CVSS6.4AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/10 7:10 a.m.•7 views

Security Bulletin: There is a vulnerability in reactor-netty-http-1.2.1.jar (used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-22227)

Summary There is a vulnerability inreactor-netty-http-1.2.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-22227 DESCRIPTION: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order f...

6.1CVSS6.6AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/08 4:2 p.m.•8 views

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...

7.8CVSS7AI score0.01025EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/08 3:58 p.m.•9 views

Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Java affect IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the fixes required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-3076...

5.9CVSS5.9AI score0.00551EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/08 3:57 p.m.•25 views

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...

7.5CVSS6.9AI score0.01767EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/08 3:56 p.m.•5 views

Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak and may result in request smuggling (CVE-2025-22871).

Summary A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak and may result in request smuggling.. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerability. Vulnerability...

9.1CVSS6.7AI score0.00724EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 8:36 p.m.•9 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CSRF Attack (CVE-2025-47909)

Summary gorilla/csrf is used by Scheduling Service. A vulnerability in gorilla/csrf is addressed. Vulnerability Details CVEID:CVE-2025-47909 DESCRIPTION: Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks...

7.3CVSS6.5AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 7:31 p.m.•8 views

Security Bulletin: IBM Cognos Analytics Certified Containers is affected by security vulnerabilities

Summary IBM Cognos Analytics Certified Containers is affected by vulnerabilities in the PostgreSQL JDBC Driver. Additionally , IBM Cognos Certified Containers is affected by an Information Disclosure vulnerability. Vulnerability Details CVEID:CVE-2022-31197 DESCRIPTION: PostgreSQL JDBC Driver...

10CVSS7.4AI score0.0481EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 6:35 p.m.•5 views

Security Bulletin: HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application

Summary A specific URL endpoint in IBM OpenPages was found to be vulnerable to unsanitized HTML injection. The application reflects user-supplied input directly into the HTML response without proper encoding or validation, which allows an attacker to inject arbitrary HTML content or tags...

5.4CVSS6.4AI score0.00162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 5:54 p.m.•6 views

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF007

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF007 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway...

6.1CVSS6.6AI score0.0053EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 5:42 p.m.•6 views

Security Bulletin: IBM Integration Designer is vulnerable to denial of service (CVE-2025-53057)

Summary Vulnerability in the IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed CVE-2025-53057. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...

5.9CVSS6.3AI score0.00487EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 4:49 p.m.•4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal Vulnerability in Spring Framework [CVE-2025-41242]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Path Traversal Vulnerability in Spring Framework when deployed on a non-compliant Servlet container CVE-2025-41242. Spring Framework is used as part of our java microservices. This vulnerabilitiy has been addressed. Please read the...

5.9CVSS6.7AI score0.01916EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 4:42 p.m.•7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...

9.1CVSS8.1AI score0.02303EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 4:40 p.m.•9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2022-29458...

8.3CVSS7.6AI score0.02157EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 3:17 p.m.•6 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (217222)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability 217222 Vulnerability Details IBM X-Force ID: 217222 DESCRIPTION: Apache commons-dbcp could allow a remote authenticated attacker from within the local network to obtain...

5.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 2:21 p.m.•7 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Connect2id Nimbus JOSE + JWT (CVE-2025-53864)

Summary A vulnerability in Connect2id Nimbus JOSE + JWT that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of...

5.8CVSS6.8AI score0.00806EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 1:48 p.m.•11 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic (CVE-2025-36185)

Summary IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36185 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local user to cause a denial of...

6.2CVSS6AI score0.00124EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 1:26 p.m.•4 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-7962)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

7.5CVSS6.7AI score0.00756EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 1:2 p.m.•7 views

Security Bulletin: Consul’s KV endpoint is vulnerable to denial of service

Summary Consul and Consul Enterprise’s “Consul” key/value endpoint is vulnerable to denial of service DoS due to incorrect Content Length header validation. This vulnerability, CVE-2025-11374, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12...

6.5CVSS6.7AI score0.00402EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 1:1 p.m.•6 views

Security Bulletin:Consul’s event endpoint is vulnerable to denial of service

Summary Consul and Consul Enterprise’s “Consul” event endpoint is vulnerable to denial of service DoS due to lack of maximum value on the Content Length header. Vulnerability Details CVEID: CVE-2025-11375 DESCRIPTION: Consul and Consul Enterprise’s “Consul” event endpoint is vulnerable to denial ...

6.5CVSS6.7AI score0.00402EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 11:1 a.m.•4 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by SMTP injection due to Jakarta Mail

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by SMTP injection due to Jakarta Mail CVE-2025-7962 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

7.5CVSS6.9AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 9:42 a.m.•11 views

Security Bulletin: IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871

Summary IBM Maximo Application Suite uses eventlet-0.40.1-py3-none-any.whl, commons-lang3-3.17.0.jar, net/http/internal 1.23.4 which is vulnerable to CVE-2025-58068, CVE-2025-48924, CVE-2025-22871. This bulletin contains information regarding the vulnerability and how it is addressed. Vulnerabili...

9.1CVSS7.3AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 4:43 a.m.•3 views

Security Bulletin: HTTP request smuggling vulnerability in Go net/http due to improper LF handling in chunked encoding, affects watsonx.data

Summary The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext. This could affect watsonx.data...

9.1CVSS7.4AI score0.00724EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/07 4:34 a.m.•5 views

Security Bulletin: IBM Engineering Test Management bundles IBM WebSphere Application Server which could provide weaker than expected security.

Summary IBM WebSphere Application Server shipped with IBM Engineering Test Management could provide weaker than expected security for TLS connections CVE-2025-33142. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

7.5CVSS6.5AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/06 7:36 p.m.•8 views

Security Bulletin: IBM Copy Services Manager may be affected by a vulnerabilities due to default security configuration allowing cross site scripting

Summary A vulnerability has been found that allows cross site scripting once a user has been authenticated or unauthenticated into the server. Although likelihood of this issue being exploited is very low, IBM Copy Services Manager frequently updates configuration files in the product dependency...

6.1CVSS5.5AI score0.00197EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/06 6:42 p.m.•7 views

Security Bulletin: IBM OpenPages Vulnerable to HTML Injection (CVE-2025-33110)

Summary Application API's vulnerable to HTML injection in IBM OpenPages has been addressed in the latest IBM OpenPages fix pack for 9.0 and 9.1 versions. Vulnerability Details CVEID:CVE-2025-33110 DESCRIPTION: IBM OpenPages with Watson is vulnerable to HTML injection. A remote attacker could inje...

5.4CVSS6.8AI score0.00193EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/06 2:45 p.m.•8 views

Security Bulletin: IBM i is affected by BIND accepting records with untrusted data, predictable port and query ID, and resource exhaustions in Domain Name System due to multiple vulnerabilities.

Summary Domain Name System for IBM i is vulnerable to BIND accepting records with forged data CVE-2025-40778, prediction of port and ID due to weakness in pseudo random number generator CVE-2025-40780, various resource exhaustions when being flooded with valid or invalid HTTP/2 traffic...

8.6CVSS6.4AI score0.16182EPSS
Exploits1Affected Software6
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/06 2:10 p.m.•10 views

Security Bulletin: Due to the use of helm, IBM Kubecost Self Hosted is affected by stack overflow and memory exhaustion

Summary helm is used by IBM Kubecost Self Hosted as part of the cluster-controller component CVE-2025-32387, CVE-2025-32386 Vulnerability Details CVEID:CVE-2025-32387 DESCRIPTION: Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply...

6.5CVSS6.7AI score0.00407EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608