Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:49 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and...

8.8CVSS7.7AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:46 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in platform-python-setuptools python3-setuptools-wheel setuptools

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in platform-python-setuptools python3-setuptools-wheel setuptools Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade,...

8.8CVSS7.7AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:43 a.m.2 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and...

8.8CVSS7.7AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:42 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and...

8.8CVSS7.7AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:41 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.12-pip python3.12-pip-wheel urllib3

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.12-pip python3.12-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version...

6.1CVSS6AI score0.00313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:40 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does...

6.1CVSS6AI score0.00313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:40 a.m.7 views

Security Bulletin: CVE-2025-46801 - Pgpool-II Authentication Bypass

Summary Pgpool-II contains an authentication bypass vulnerability that can be exploited under certain conditions. If an attacker exploits the vulnerability they may be able to log in to the system as an arbitrary user, which could allow them to read or tamper with data in the database, and/or...

9.8CVSS9.3AI score0.00791EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:38 a.m.3 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does...

6.1CVSS6AI score0.00313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:37 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.11-pip python3.11-pip-wheel urllib3

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.11-pip python3.11-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version...

6.1CVSS6AI score0.00313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:35 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.11-pip python3.11-pip-wheel urllib3

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.11-pip python3.11-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is...

6.1CVSS6.2AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:29 a.m.11 views

Security Bulletin: for Multiple CVEs : CVE-2024-10976 , CVE-2025-4207, CVE-2023-5870 and CVE-2025-1094

Summary Security Bulletin for Multiple CVEs. Refer below Vulnerability details for more detials. Vulnerability Details CVEID:CVE-2024-10976 DESCRIPTION: Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended...

8.1CVSS7.2AI score0.89472EPSS
Exploits10Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:24 a.m.6 views

Security Bulletin: CVE-2023-39417 - Extension script @substitutions@ within quoting allow SQL injection

Summary IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker...

8.8CVSS8.3AI score0.01572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:15 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.12-pip python3.12-pip-wheel urllib3

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel python3.12-pip python3.12-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is...

6.1CVSS6.2AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:13 a.m.11 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable Vulnerability Details CVEID:CVE-2025-46653 DESCRIPTION: Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted...

3.1CVSS6.4AI score0.00357EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 8:54 a.m.5 views

Security Bulletin: CVE-2025-46801 - Pgpool-II Authentication Bypass

Summary Pgpool-II contains an authentication bypass vulnerability that can be exploited under certain conditions. If an attacker exploits the vulnerability they may be able to log in to the system as an arbitrary user, which could allow them to read or tamper with data in the database, and/or...

9.8CVSS8.8AI score0.26049EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 8:35 a.m.4 views

Security Bulletin: CVE-2025-46801 - Pgpool-II Authentication Bypass

Summary Pgpool-II contains an authentication bypass vulnerability that can be exploited under certain conditions. If an attacker exploits the vulnerability they may be able to log in to the system as an arbitrary user, which could allow them to read or tamper with data in the database, and/or...

9.8CVSS9.3AI score0.00791EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 7:13 a.m.3 views

Security Bulletin: CVE-2025-36024 vulnerability have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary DS8900F and DS8A00 updates have been released to remediate user enumeration errors. Review the Vulnerability Details section below for additional information. Vulnerability Details CVEID:CVE-2025-36024 DESCRIPTION: IBM System Storage DS8000 could allow a remote attacker to obtain sensitiv...

6.7AI score
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 4:59 p.m.5 views

Security Bulletin: There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics

Summary There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite, when used with stand alone Cognos Analytics, where MXCSP is used for integration. A remote attacker could bypass authentication mechanisms and gain unauthorized access to Cognos Analytics...

9.8CVSS7AI score0.00528EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 4:41 p.m.9 views

Security Bulletin: Allocation of resources without limits, heap-buffer-overread, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency service is vulnerable to allocation of resources without limits, heap-buffer-overread, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-32988 DESCRIPTION: A flaw was found in GnuTLS. A double-free vulnerability...

9.8CVSS7.6AI score0.01185EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 12:22 p.m.6 views

Security Bulletin: A security vulnerability in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary IBM® SDK, Java™ Technology Edition bundled with IBM WebSphere eXtreme Scale is affected by security vulnerability. Vulnerability Details CVEID:CVE-2025-30761 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting...

5.9CVSS5.9AI score0.00551EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 11:23 a.m.10 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.4AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 11:22 a.m.5 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.8AI score0.00421EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 11:20 a.m.7 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Detai...

7.5CVSS6.5AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 11:19 a.m.6 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

4.8CVSS6AI score0.00165EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 11:18 a.m.4 views

Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.

Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5CVSS6.4AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 10:27 a.m.15 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in July 2025, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-50106...

8.1CVSS6.2AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 8:33 a.m.2 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the...

8.7CVSS6.5AI score0.00873EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 6:30 a.m.6 views

Security Bulletin: IBM Operational Decision Manager for Sept 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-27818...

8.8CVSS8.4AI score0.62368EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 6:4 a.m.2 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in reactor-netty-http

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in reactor-netty-http Vulnerability Details CVEID:CVE-2025-22227 DESCRIPTION: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen,...

6.1CVSS6.6AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 5:59 a.m.8 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2024-23337 DESCRIPTION: jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, t...

9.4CVSS7.8AI score0.01735EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 5:54 a.m.7 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

6.3CVSS6.5AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 5:54 a.m.5 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC applications can be vulnerable to Traversal Vulnerability.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION:...

5.9CVSS6.4AI score0.01916EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/28 5:44 a.m.6 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Improper Resource Shutdown or Release vulnerability to the made you reset the attack.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Improper Resource Shutdown or Release vulnerability to the made you reset the attack.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48989...

7.5CVSS6.4AI score0.03389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 6:25 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700

Summary IBM Virtualization Engine TS7700 is susceptible to two Tampering and information Disclosure CVE-2025-21587 , CVE-2025-30698 and one Tampering and Denial of Service CVE-2025-4447 unauthorized data access due to the use of IBM® SDK Java™ Technology Edition, Version 8 Vulnerability Details...

7.8CVSS7.3AI score0.0073EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 6:24 p.m.7 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in Python.

Summary IBM Virtualization Engine TS7700 is susceptible to two Tampering conditions and one potential Elevation of Privilege issue due to the use of Python CVE-2025-0938, CVE-2025-47273, CVE-2025-1795. TS7700 uses Python to perform operations with the Cloud and internal system configuration tasks...

8.8CVSS8.1AI score0.01499EPSS
Exploits4Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 6:23 p.m.5 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Information Disclosure due to the use of IBM Db2

Summary IBM Virtualization Engine TS7700 is susceptible to Information Disclosure CVE-2024-40679 due to the use of IBM Db2, which is primarily embedded to store metadata related to the data managed by the TS7700. Vulnerability Details CVEID:CVE-2024-40679 DESCRIPTION: IBM Db2 for Linux, UNIX and...

5.5CVSS5.9AI score0.00159EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 6:21 p.m.7 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Elevation of Privilege conditions due to the use of IBM Storage Virtualize

Summary IBM Virtualization Engine TS7700 is susceptible to Elevation of Privilege conditions due to the use of IBM Storage Virtualize CVE-2025-36120. TS7700 uses IBM Storage Virtualize to perform operations related to storage virtualization and internal system configuration tasks. Vulnerability...

8.8CVSS6.7AI score0.00276EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 6:21 p.m.6 views

Security Bulletin: IBM QRadar SIEM is affected by privilege escalation (CVE-2025-36007)

Summary IBM QRadar SIEM is affected by privilege escalation due to improper privilege assignment in the App Framework. IBM has addressed the issue in the latest update. Vulnerability Details CVEID:CVE-2025-36007 DESCRIPTION: IBM QRadar SIEM is vulnerable to privilege escalation due to improper...

7.8CVSS7AI score0.00114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 6:20 p.m.11 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-38211 DESCRIPTION: In the Linux kernel, the following vulnerability has...

7.8CVSS7.7AI score0.00169EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 4:17 p.m.10 views

Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to denial of service due to jackson- core. WS-2022-0468.

Summary IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to denial of service due to jackson- core. WS-2022-0468. Vulnerability Details WSID: WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attac...

6.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 4:16 p.m.2 views

Security Bulletin: Sensitive Key Exposure in Snowflake JDBC Driver Logging (Versions 3.0.13 – 3.23.0), affects watsonx.data

Summary Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver "Driver" in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side...

3.3CVSS6.7AI score0.00112EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 4:14 p.m.5 views

Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to an improper input validation vulnerability due to Apache Axis. CVE-2023-51441.

Summary IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to an improper input validation vulnerability due to Apache Axis. CVE-2023-51441. Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED Improper Input...

7.2CVSS6.5AI score0.01213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 1:44 p.m.8 views

Security Bulletin: Reflected File Download (RFD) Vulnerability in Spring Framework Content-Disposition Header Handling (CWE-113), which affects IBM watsonx.data

Summary A Reflected File Download RFD vulnerability has been identified in VMware Spring Framework versions 6.0.5 to 6.2.7. The issue arises when an application sets a Content-Disposition response header using ContentDisposition.BuilderfilenameString, Charset with a non-ASCII charset and...

6.5CVSS7AI score0.00533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 1:43 p.m.4 views

Security Bulletin: Pip Vulnerability Prior to v23.3 Allows Arbitrary Mercurial Configuration Injection via VCS URLs, which affects IBM watsonx.data

Summary When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and whi...

5.5CVSS6.5AI score0.00476EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 1:42 p.m.4 views

Security Bulletin: Security Vulnerability in Requests Library: .netrc Credential Leak Fixed in Version 2.32.4, affects IBM watsonx.data

Summary Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can...

5.3CVSS6.5AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 12:58 p.m.7 views

Security Bulletin: IBM OpenPages fixes form-data package vulnerability

Summary Vulnerability in the form-data package with IBM OpenPages has been addressed in the latest IBM OpenPages fix pack version for 8.3, 9.0 and mod version for 9.1 Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...

9.4CVSS6.7AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 12:53 p.m.4 views

Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Jul 2025 - Includes OpenJDK July 2025 CPU vilnerabilities

Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Jul 2025 - Includes OpenJDK July 2025 CPU vilnerabilities with CVEs CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754 Vulnerability Details Refer to the security bulletins listed ...

8.6CVSS6.8AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 12:50 p.m.3 views

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 has been published in multiple security bulletins. These products have addressed the...

6.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 10:58 a.m.6 views

Security Bulletin: urllib3 Redirect Control Vulnerability in Pyodide Runtime (Versions 2.2.0 to <2.5.0), which affects IBM watsonx.data

Summary urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This...

6.1CVSS6.6AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 2:41 a.m.11 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to multiple vulnerabilities due to DB2 (CVE-2025-33092, CVE-2025-33143)

Summary DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerability affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2025-33092 DESCRIPTION: IBM Db2 for Linux...

7.8CVSS7.8AI score0.00138EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608