Lucene search

34931 matches found

IBM Security Bulletins
added 2025/08/26 6:5 p.m., 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.10.3.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of jackson-core-2.10.3.jar Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior ...

CVSS: 8.7, AI score: 8.4, EPSS: 0.00252
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 6:0 p.m., 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jinja2-3.1.5-py3-none-any.whl

Summary IBM Watson Discovery Cartridge contains a vulnerable version of jinja2-3.1.5-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filt...

CVSS: 8.8, AI score: 7.7, EPSS: 0.00121
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:59 p.m., 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in golang.org/x/net-v0.33.0

Summary IBM Watson Discovery Cartridge contains a vulnerable version of golang.org/x/net-v0.33.0 Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment...

CVSS: 4.4, AI score: 6.8, EPSS: 0.00032
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:54 p.m., 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in multer-2.0.1.tgz

Summary IBM Watson Discovery Cartridge contains a vulnerable version of multer-2.0.1.tgz Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0...

CVSS: 7.5, AI score: 9.2, EPSS: 0.0004
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:53 p.m., 11 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-10.1.35.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-10.1.35.jar Vulnerability Details CVEID:CVE-2025-46701 DESCRIPTION: Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows security constraint bypass of security constraints...

CVSS: 7.3, AI score: 8, EPSS: 0.00132
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:52 p.m., 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge contains a vulnerable version of WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial o...

CVSS: 7.5, AI score: 9.2, EPSS: 0.0027
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:51 p.m., 7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.104.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-9.0.104.jar Vulnerability Details CVEID:CVE-2025-49125 DESCRIPTION: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using PreResources or PostResources mounted...

CVSS: 7.5, AI score: 7.9, EPSS: 0.01278
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:50 p.m., 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in multer-1.4.4-lts.1.tgz

Summary IBM Watson Discovery Cartridge contains a vulnerable version of multer-1.4.4-lts.1.tgz Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to...

CVSS: 8.7, AI score: 5.1, EPSS: 0.00249
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:49 p.m., 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in commons-beanutils-1.9.4.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of commons-beanutils-1.9.4.jar Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to sto...

CVSS: 8.8, AI score: 8.1, EPSS: 0.00258
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:49 p.m., 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl

Summary IBM Watson Discovery Cartridge contains a vulnerable version of cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the serv...

CVSS: 6.3, AI score: 6.8, EPSS: 0.00804
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:48 p.m., 4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-common

Summary IBM Watson Discovery Cartridge contains a vulnerable version of netty-common Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00096
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:47 p.m., 4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-2.5.8.tgz

Summary IBM Watson Discovery Cartridge contains a vulnerable version of dompurify-2.5.8.tgz Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS. CWE:CWE-79:...

CVSS: 6.1, AI score: 5.5, EPSS: 0.00108
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:46 p.m., 9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in runtime-7.22.3.tgz

Summary IBM Watson Discovery Cartridge contains a vulnerable version of runtime-7.22.3.tgz Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular...

CVSS: 6.2, AI score: 6, EPSS: 0.0006
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:23 p.m., 11 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in Spring Framework

Summary There is a vulnerability in Spring Framework used by Integrated Webservices in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring...

CVSS: 6.5, AI score: 8.9, EPSS: 0.00294
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 5:1 p.m., 10 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulnerable to CVE-2025-24358

Summary github.com/gorilla/csrf-v1.7.1 is used by the Scheduling Service. Vulnerability Details CVEID:CVE-2025-24358 DESCRIPTION: gorilla/csrf provides Cross Site Request Forgery CSRF prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Orig...

CVSS: 6, AI score: 3.8, EPSS: 0.00063
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 4:57 p.m., 18 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in IBM Semeru Runtime version 17

Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Ja...

CVSS: 8.6, AI score: 8.1, EPSS: 0.02123
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 4:53 p.m., 3 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in IBM Semeru Runtime version 17

Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability i...

CVSS: 7.8, AI score: 7, EPSS: 0.00234
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 4:53 p.m., 30 views

Security Bulletin: Vulnerabilities in Node.js, Angular.js, Golang Go, Java, MongoDB, Linux kernel may affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Node.js, Angular.js, Golang Go, Java, MongoDB Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, remote execution of arbitrary code on the system, and bypassing security...

CVSS: 7.8, AI score: 10, EPSS: 0.01526
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 4:14 p.m., 3 views

Security Bulletin: Multiple vulnerabilities in IBM Cognos Command Center

Summary There are vulnerabilities in IBM® Semeru Java™ used by IBM Cognos Command Center. Additionally, IBM Cognos Command Center is vulnerable to Open redirection, Clickjacking and Arbitrary code execution vulnerabilities. This Security Bulletin relates only to the direct usage of third-party...

CVSS: 9.3, AI score: 8.7, EPSS: 0.00234
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 3:56 p.m., 5 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Monitor

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about the security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

CVSS: 7.5, AI score: 8.2, EPSS: 0.01278
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 2:17 p.m., 5 views

Security Bulletin: Vulnerability in commons-fileupload affects IBM Integrated Analytics System

Summary The commons-fileupload package is used by IBM Integrated Analytics System as part of its file upload processing functionality. A denial-of-service DoS vulnerability was identified in Apache Commons FileUpload due to insufficient limits on multipart headers, which could allow a remote...

CVSS: 7.5, AI score: 7.7, EPSS: 0.01278
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 1:25 p.m., 6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in http-proxy-middleware-2.0.7.tgz

Summary IBM Watson Discovery Cartridge contains a vulnerable version of http-proxy-middleware-2.0.7.tgz Vulnerability Details CVEID:CVE-2025-32997 DESCRIPTION: In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. CWE:CWE-754: Improper...

CVSS: 5.3, AI score: 5.4, EPSS: 0.00062
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 1:24 p.m., 4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in IBM SDK

Summary IBM Watson Discovery Cartridge contains a vulnerable version of IBM SDK Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impac...

CVSS: 7.8, AI score: 6.4, EPSS: 0.00234
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/26 1:23 p.m., 5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.4.tgz

Summary IBM Watson Discovery Cartridge contains a vulnerable version of dompurify-3.2.4.tgz Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: th...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00392
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/25 9:35 p.m., 4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in multer-1.4.4-lts.1.tgz

Summary IBM Watson Discovery Cartridge contains a vulnerable version of multer-1.4.4-lts.1.tgz Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00177
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/25 9:34 p.m., 3 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in setuptools-75.8.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge contains a vulnerable version of setuptools-75.8.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal...

CVSS: 8.8, AI score: 7.6, EPSS: 0.0012
Exploits: 4, Affected Software: 1

IBM Security Bulletins
added 2025/08/25 9:5 p.m., 6 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability (CVE-2025-36124)

Summary IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature enabled. Vulnerability Details...

CVSS: 7.5, AI score: 6.2, EPSS: 0.00051
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/25 4:4 p.m., 6 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is...

CVSS: 9.4, AI score: 7.1, EPSS: 0.01319
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/25 3:57 p.m., 8 views

Security Bulletin: Vulnerabilities in Apache Kafka affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerabilities in Apache Kafka have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTIO...

CVSS: 8.8, AI score: 7.4, EPSS: 0.21423
Exploits: 2, Affected Software: 1

IBM Security Bulletins
added 2025/08/25 1:30 p.m., 15 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-49058 DESCRIPTION: In the Linux kernel, the following vulnerability has...

CVSS: 7.8, AI score: 9.1, EPSS: 0.00039
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/23 1:9 p.m., 6 views

Security Bulletin: Vulnerability Malicious File Upload affects IBM Integrated Analytics System

Summary The file upload functionality in IIAS has been enhanced to enforce stricter validation across all supported file types. Extension checks were implemented to ensure uploaded files match their expected format and content. This prevents the upload of malicious or improperly formatted files an...

CVSS: 8, AI score: 6.3, EPSS: 0.00052
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/23 11:5 a.m., 6 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons (CVE-2025-48734).

Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons (CVE-2025-48734). This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...

CVSS: 8.8, AI score: 8.1, EPSS: 0.00258
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/22 6:35 p.m., 5 views

Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by path traversal (CVE-2025-36114)

Summary IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by path traversal. IBM SOAR QRadar Plugin app has addressed the issue in the latest update. Vulnerability Details CVEID:CVE-2025-36114 DESCRIPTION: IBM QRadar SOAR Plugin App could allow a remote attacker to traverse directories o...

CVSS: 7.5, AI score: 7, EPSS: 0.00085
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/22 3:47 p.m., 6 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty bundled with WebSphere Remote Server affected denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and WebSphere Application Server Liberty has been published in a security bulletin...

CVSS: 7.5, AI score: 7.7, EPSS: 0.01278
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/22 12:52 p.m., 6 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Kafka (CVE-2025-27817, CVE-2025-27818 & CVE-2025-27819)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Deserialization of Untrusted Data and Server-Side Request Forgery SSRF due to Apache Kafka. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security vulnerability has been identified in Apache...

CVSS: 8.8, AI score: 8.3, EPSS: 0.21423
Exploits: 2, Affected Software: 2

IBM Security Bulletins
added 2025/08/22 11:20 a.m., 11 views

Security Bulletin: Vulnerability in Sudo package affects IBM Integrated Analytics System.

Summary The Sudo package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs (CVE-2021-3156, CVE-2019-19234, CVE-2019-19232). Vulnerability Details CVEID:CVE-2021-3156 DESCRIPTION: Sudo before 1.9.5p2 contains an off-by-one error that can resu...

CVSS: 7.8, AI score: 9.4, EPSS: 0.92579
Exploits: 81, Affected Software: 1

IBM Security Bulletins
added 2025/08/22 11:15 a.m., 5 views

Security Bulletin: IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Commons Lang & FileUpload (CVE-2025-48924 & CVE-2025-48976)

Summary IBM App Connect for Healthcare is vulnerable to multiple vulnerabilities due to Apache Commons Lang & Apache Commons FileUpload. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...

CVSS: 7.5, AI score: 9.6, EPSS: 0.01278
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/22 10:57 a.m., 5 views

Security Bulletin: Vulnerability in moment.js affects IBM Integrated Analytics System [CVE-2022-31129]

Summary The moment.js package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE (CVE-2022-31129). Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: moment is a JavaScript date library for parsing, validating, manipulating, and formatti...

CVSS: 7.5, AI score: 6.6, EPSS: 0.02872
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/22 7:32 a.m., 4 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM)(CVE-2025-33142)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00046
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/22 7:25 a.m., 4 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Encoding or Escaping of Output due to xmldom (CVE-2021-32796)

Summary IBM App Connect Enterprise is vulnerable to Improper Encoding or Escaping of Output due to xmldom. Vulnerability Details CVEID:CVE-2021-32796 DESCRIPTION: xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions...

CVSS: 6.5, AI score: 6.6, EPSS: 0.01146
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/21 10:39 p.m., 8 views

Security Bulletin: IBM QRadar SIEM is affected by local privilege escalation and cross-site scripting (CVE-2025-33120, CVE-2025-36042)

Summary IBM QRadar SIEM is affected by local privilege escalation and cross-site scripting, which could enable authenticated users to obtain elevated privileges and compromise the web UI potentially impacting session confidentiality. Vulnerability Details CVEID:CVE-2025-33120 DESCRIPTION: IBM...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00036
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/21 7:56 p.m., 8 views

Security Bulletin: Apache Parquet Common Vulnerability reported in Cloudera offerings with IBM. Fixes available from Cloudera

Summary On April 1, 2025, a critical vulnerability in the parquet-avro module of Apache Parquet CVE-2025-30065, CVSS score 10.0 was announced. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows ba...

CVSS: 10, AI score: 8, EPSS: 0.00419
Exploits: 9, Affected Software: 1

IBM Security Bulletins
added 2025/08/21 7:40 p.m., 4 views

Security Bulletin: Vulnerability in Dojo affects IBM Integrated Analytics System [CVE-2021-23450]

Summary The Dojo package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE (CVE-2021-23450). Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: All versions of package dojo are vulnerable to Prototype Pollution via the setObject functio...

CVSS: 9.8, AI score: 6.6, EPSS: 0.01995
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/08/21 6:36 p.m., 4 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plu...

CVSS: 5.3, AI score: 7.3, EPSS: 0.00883
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/21 5:47 p.m., 5 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Apr 2025 - Includes OpenJDK April 2025 CPU pl...

CVSS: 7.8, AI score: 7.9, EPSS: 0.00234
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/21 5:17 p.m., 3 views

Security Bulletin: Common vulnerabilities discovered in Spark2 executables released with Cloudera Observability on Premises with IBM Version 3.5.3

Summary Cloudera Observability on premises with IBM 3.5.3 ships with Spark 2 executables, however, the application runs on Spark 3. This security bulletin identifies a set of common vulnerabilities found in the Spark 2 libraries. Spark 2 has reached End of Support EOS. Clients are advised to use...

AI score: 6.9
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/21 4:16 p.m., 5 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server have been addressed CVE-2025-36097,CVE-2024-56339 Vulnerability Details Refer to the security...

CVSS: 7.5, AI score: 7.1, EPSS: 0.0027
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/21 11:26 a.m., 7 views

Security Bulletin: Vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis (CVE-2019-11358, CVE-2020-23064, CVE-2020-11023, CVE-2020-11022)

Summary Cross-site scripting (XSS) vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis. It allows remote attackers to execute a script in a victim's Web browser. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery before 3.4.0, as used in Drupal,...

CVSS: 6.9, AI score: 7.2, EPSS: 0.3466
Exploits: 14, Affected Software: 1

IBM Security Bulletins
added 2025/08/21 7:45 a.m., 3 views

Security Bulletin: A Security vulnerability in OpenSSL affects IBM DevOps Code ClearCase

Summary An OpenSSL vulnerability was disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase (CVE-2024-9143). Vulnerability Details CVEID:CVE-2024-9143 DESCRIPTION: Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field...

CVSS: 4.3, AI score: 7.7, EPSS: 0.00883
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/08/20 9:40 p.m., 10 views

Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Standard Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel i...

CVSS: 8.8, AI score: 8.5, EPSS: 0.00505
Exploits: 4, Affected Software: 1

Total number of security vulnerabilities: 34931