Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 1:57 p.m.13 views

Security Bulletin: IBM Financial Transaction Manager is impacted by a DNS cache poisoning vulnerability in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2025-40778 DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into t...

8.6CVSS6.8AI score0.00509EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 1:50 p.m.9 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the HDFS layer are now fixed in 5.2.3.3 or higher (CVE-2021-23445)

Summary The following vulnerabilities, which can affect IBM Storage Scale and the HDFS layer and could provide weaker-than-expected security, are now fixed in Storage Scale 5.2.3.3 or higher CVE-2021-23445. Vulnerability Details CVEID:CVE-2021-23445 DESCRIPTION: This affects the package...

6.1CVSS5AI score0.01837EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 10:56 a.m.4 views

Security Bulletin: Due to use of Apache Commons Lang, IBM Engineering Systems Design Rhapsody is affected by an Uncontrolled Recursion vulnerability

Summary Apache Commons Lang is used internally by IBM Engineering Systems Design Rhapsody CVE-2025-48924 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.6AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 10:40 a.m.6 views

Security Bulletin: Security vulnerabilities in Apache kafka-client may affect IBM Business Automation Workflow - CVE-2025-27817, CVE-2025-27818

Summary IBM Business Automation Workflow packages a copy of Apache kafka-client with known vulnerabilities. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource,...

8.8CVSS6.6AI score0.62368EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 10:34 a.m.4 views

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2025-36172

Summary IBM Business Automation Workflow is vulnerable to a cross-site-scripting attack. Vulnerability Details CVEID:CVE-2025-36172 DESCRIPTION: IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 00...

6.4CVSS6AI score0.00162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 10:20 a.m.5 views

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server - CVE-2025-36054

Summary IBM Business Automation Workflow Process Fedeeration Server is vulnerable to a Cross-site scripting attack. Vulnerability Details CVEID:CVE-2025-36054 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker...

6.1CVSS5.9AI score0.00193EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 10:13 a.m.9 views

Security Bulletin: Path traversal vulnerability affect IBM Business Automation Workflow - CVE-2025-41242

Summary IBM Business Automation Workflow packages a vulnerable version of spring. Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can ...

5.9CVSS6.5AI score0.01916EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 9:44 a.m.7 views

Security Bulletin: Multiple vulnerabilities are addressed with IBM Business Automation Workflow containers 24.0.0-IF007, 24.0.1-IF005, and 25.0.0-IF002

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF007, 24.0.1-IF005 and 25.0.0-IF002. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle...

8.1CVSS6.6AI score0.64718EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 9:4 a.m.3 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM Business Automation Workflow due to the October 2025 CPU

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

6.3AI score
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 8:10 a.m.8 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (CVE-2025-53066, CVE-2025-53057)

Summary IBM WebSphere Application Server and IBM WebSphere Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server and IBM WebSphere Liberty has been published in a...

7.5CVSS6.5AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 7:37 a.m.4 views

Security Bulletin: IBM OpenPages fixes multer package vulnerability (CVE-2025-7338)

Summary Vulnerability in the multer-2.0.1.tgz package with IBM OpenPages has been addressed in the latest IBM OpenPages fix pack version for 9.0 and 9.1 Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is...

7.5CVSS6.7AI score0.00644EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 7:22 a.m.3 views

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition is affected by a denial of service vulnerability.

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is affected by a denial of service vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

6.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 7:17 a.m.3 views

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Network Configuration Manager (ITNCM) is affected by a denial of service vulnerability.

Summary WebSphere Application Server, used by IBM Tivoli Network Configuration Manager ITNCM, is affected by a denial of service vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

6.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 7:11 a.m.8 views

Security Bulletin: Due to use of QOS.CH logback, IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution

Summary Due to use of QOS.CH logback IBM Cloud Pak System is affected by server-side request forgery and arbitrary code execution CVE-2024-12801, CVE-2024-12798. Vulnerability Details CVEID:CVE-2024-12801 DESCRIPTION: Server-Side Request Forgery SSRF in SaxEventRecorder by QOS.CH logback version...

5.9CVSS8.1AI score0.00404EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 7:8 a.m.3 views

Security Bulletin: Due to the use of derby IBM webMethods BPM is vulnerable to unauthorized LDAP authentication

Summary IBM webMethods BPM is using derby which is affected by a known vulnerability CVE-2022-46337. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: A cleverly devised username might bypass LDAP authentication check...

9.8CVSS7.2AI score0.01418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 7:7 a.m.7 views

Security Bulletin: Due to use of jackrabbit-spi-commons IBM webMethods BPM is vulnerable to loading privileges using unsecured document build

Summary IBM webMethods BPM is using jackrabbit-spi-commons which is affected by a known vulnerability CVE-2025-53689. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-53689 DESCRIPTION: Blind XXE Vulnerabilities in jackrabbit-spi-commo...

8.8CVSS6.7AI score0.00466EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 6:41 a.m.4 views

Security Bulletin: Due to use of Axios, IBM watsonx Code Assistant IDE Extensions is affected by unbounded memory and denial of service

Summary Axios is used internally by IBM watsonx Code Assistant IDE Extensions CVE-2025-58754 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL...

7.5CVSS6.9AI score0.01099EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 10:14 p.m.18 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF005 and 25.0.0-IF002. These vulnerabilities have been also addressed in 24.0.1-IF005. Vulnerability Details CVEID:CVE-2025-36091 DESCRIPTION: IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and...

9.1CVSS8.1AI score0.05006EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 9:3 p.m.6 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and WebSphere Application Server Liberty due to the October 2025 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.5CVSS6.7AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 7:30 p.m.11 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for 24.0.0-IF007, 24.0.1-IF005 and 25.0.0-IF002

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF007, 24.0.1-IF005 and 25.0.0-IF002. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous...

8.1CVSS6.8AI score0.01058EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 6:13 p.m.10 views

Security Bulletin: IBM Watson Studio for IBM Cloud Pak for Data is affected by vulnerability in path-to-regexp

Summary IBM Watson Studio for IBM Cloud Pak for Data contains a vulnerable version of path-to-regexp Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

8.7CVSS6.7AI score0.00792EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 6:4 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Netty codec (CVE-2025-58057)

Summary A vulnerability in Netty codec that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol serve...

7.5CVSS6.2AI score0.00561EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 10:48 a.m.3 views

Security Bulletin: IBM Edge Data Collector uses requests-2.32.2-py3-none-any.whl which is vulnerable to CVE-2024-47081.

Summary IBM Edge Data Collector uses requests-2.32.2-py3-none-any.whl which is vulnerable to CVE-2024-47081. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing...

5.3CVSS6.6AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 10:45 a.m.6 views

Security Bulletin: IBM Edge Data Collector uses urllib3-1.26.19-py2.py3-none-any.whl which is vulnerable to CVE-2025-50181, CVE-2025-50182.

Summary IBM Edge Data Collector uses urllib3-1.26.19-py2.py3-none-any.whl which is vulnerable to CVE-2025-50181, CVE-2025-50182. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP...

6.1CVSS7.3AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 10:43 a.m.9 views

Security Bulletin: IBM Edge Data Collector uses ring-0.17.9.crate which is vulnerable to CVE-2025-4432.

Summary IBM Edge Data Collector uses ring-0.17.9.crate which is vulnerable to CVE-2025-4432. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-4432 DESCRIPTION: A flaw was found in Rust's Ring package. A panic may be triggered whe...

5.3CVSS6.6AI score0.00825EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 9:28 a.m.10 views

Security Bulletin: IBM Edge Data Collector uses crossbeam-channel-0.5.14.crate which is vulnerable to CVE-2025-4574.

Summary IBM Edge Data Collector uses crossbeam-channel-0.5.14.crate which is vulnerable to CVE-2025-4574. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-4574 DESCRIPTION: In crossbeam-channel rust crate, the internal Channel type's...

6.5CVSS6.7AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 9:6 a.m.37 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7 , net/http/internal v1.24.1, braces 3.0.2 , cross-spawn 7.0.3 , crypto/x509 1.24.1 1.24.3 , github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1 , httpd 2.4.37 , setuptools 78.0.2 75.8.0 ,...

9.8CVSS8.2AI score0.91327EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 8:54 a.m.17 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party libraries which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses setuptools 76.1.0, urllib3-1.26.20-py2.py3-none-any.whl, cross-spawn v7.0.3, braces v3.0.2, axios-1.11.0.tgz, xmltodict-0.14.2-py2.py3-none-any.whl, WebSphere Application Server Liberty version 25.0.0.8 which is vulnerable to CVE-2025-47273, CVE-2025-5018...

8.7CVSS8.9AI score0.64718EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/03 2:13 a.m.14 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2024-38828,CVE-2024-38820)

Summary Spring MVC controller vulnerable to a DoS attack and DataBinder Case Sensitive Match Exception. These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2024-38828 DESCRIPTION: Spring MVC controller methods with an @RequestBody byte method parameter are vulnerable to a DoS...

5.3CVSS6.7AI score0.00729EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/01 5:32 a.m.7 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2025-41249,CVE-2025-41242)

Summary IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities . These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on...

7.5CVSS7.6AI score0.01916EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 9:53 p.m.3 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Axios (CVE-2025-58754)

Summary A vulnerability in Axios that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...

7.5CVSS6.4AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 9:38 p.m.5 views

Security Bulletin: IBM i is affected by a privilege escalation in IBM i SQL services [CVE-2025-36367]

Summary IBM i is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check CVE-2025-36367 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-36367 DESCRIPTION: IBM i is vulnerable to privilege escalation caused by an invali...

8.8CVSS7.6AI score0.00285EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 8:33 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Undertow (CVE-2025-9784)

Summary A vulnerability in Undertow that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-9784 DESCRIPTION: A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This...

7.5CVSS6.2AI score0.0217EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 8:4 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Spring (CVE-2025-41249)

Summary A vulnerability in Spring that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a...

7.5CVSS6.2AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 7:46 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an uncontrolled resource consumption and out of bounds write in Bouncy Castle [CVE-2025-9341, CVE-2025-9340]

Summary IBM Watson Speech Services Cartridge is vulnerable to an uncontrolled resource consumption and out of bounds write in Bouncy Castle, due to issues in AESNativeCBC.Java and AESNativeCBC.Java which allow excessive allocation CVE-2025-9341 and issues in jcajce/provider/BaseCipher...

5.9CVSS6.9AI score0.00154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 7:39 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM InfoSphere Information Server

Summary There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server. These are addressed. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable ...

7.5CVSS7AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 7:18 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to unexpected behavior in pytorch [CVE-2025-55552]

Summary IBM Watson Speech Services Cartridge is vulnerable to unexpected behavior in pytorch , that creates an inconsistent swap wih eager when compilingCVE-2025-55552. Pytorch is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation...

7.5CVSS7.1AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 7:8 p.m.18 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

7.5CVSS7.2AI score0.02164EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 7:5 p.m.14 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch [ CVE-2025-4287]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch that can be manipulated to cause a Denial of Service attack CVE-2025-4287. PyTorch is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the...

4.8CVSS5.5AI score0.00154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 7:3 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Allocation of Resources Without Limits or Throttling in Bouncy Castle [CVE-2025-8916]

Summary IBM Watson Speech Services Cartridge is vulnerable to Allocation of Resources Without Limits or Throttling in Bouncy Castle, due to BC API modules which allow Excessive AllocationCVE-2025-8916. Bouncy Castle is used in our speech microservices. This vulnerabilitiy has been addressed. Plea...

6.3CVSS7.4AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 7:1 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in Apache Tomcat [CVE-2025-48989]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in Apache Tomcat, due to a vulnerability to the 'made you reset attack' CVE-2025-48989. Apache Tomcat is used in our speech microservices. This vulnerabilitiy has been addressed. Please read the...

7.5CVSS7.8AI score0.03389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:59 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Apache Tomcat [CVE-2025-53506]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Apache Tomcat, occuring when the HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams CVE-2025-53506. Apache Tomcat is used in our...

7.5CVSS7.4AI score0.01898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:58 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an interger overflow in Apache Tomcat [CVE-2025-52520]

Summary IBM Watson Speech Services Cartridge is vulnerable to a DOS in Apache Tomcat, due to an Integer Overflow vulnerability that could allow bypassing of size limits CVE-2025-52520. Apache Tomcat is used in our speech microservices. This vulnerabilitiy has been addressed. Please read the detai...

7.5CVSS7.3AI score0.0196EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:51 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an injection attack in huggingface/transformers [CVE-2025-3777]

Summary IBM Watson Speech Services Cartridge is vulnerable to an injection attack in huggingface/transformers, due to an improper input validation vulnerability in the imageutils.py file CVE-2025-3777, Huggingface/transformers is used in our speech service runtimes. This vulnerabilitiy has been...

3.5CVSS6.9AI score0.00329EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:48 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-5197]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to an exploitable issue in the converttfweightnametoptweightname function CVE-2025-5197. Huggingface/transformers is used in our speech service runtimes. This vulnerabilitiy has been...

5.3CVSS6.6AI score0.00361EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:45 p.m.23 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers [CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Denial of Service in huggingface/transformers, due to various issues identified within the package CVE-2025-3262, CVE-2025-3264, CVE-2025-3933, CVE-2025-3263. Huggingface/transformers is used in our speech service runtimes. This...

7.5CVSS7.4AI score0.00431EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:41 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a RecursionError DOS in protobuf [CVE-2025-4565]

Summary IBM Watson Speech Services Cartridge is vulnerable to a RecursionError DOS in protobuf, due to an issue with the Protobuf Pure-Python backend CVE-2025-4565. Protobuf is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation...

8.2CVSS7.5AI score0.00281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:39 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in protobuf [CVE-2022-3171]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in protobuf, due to a parsing issue with binary data in protobuf-java core CVE-2022-3171. Protobuf is used in our speech service runtimes. This vulnerabilitiy has been addressed. Please read the details for...

7.5CVSS7.1AI score0.01048EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:37 p.m.20 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to various issues in postgresql

Summary IBM Watson Speech Services Cartridge is vulnerable to various issues in postgresql please see below. Postgresql is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2023-39417 DESCRIPTION: I...

8.8CVSS8.3AI score0.89472EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/31 6:33 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Cross-site Scripting in golang.org/x/net/proxy [CVE-2025-22872]

Summary IBM Watson Speech Services Cartridge is vulnerable to Cross-site Scripting in golang.org/x/net/proxy, due to incorrect interpretation of tags in the tokenizer CVE-2025-22872. Golang is used in our speech utilities. This vulnerabilitiy has been addressed. Please read the details for...

6.5CVSS6.6AI score0.0045EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608