Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 5:27 p.m.17 views

Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Netcool Impact

Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.0.37 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...

8.8CVSS8.4AI score0.08594EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 3:45 p.m.13 views

Security Bulletin: Vulnerability Werkzeug, Twisted-22.10.0-py3, requests-2.32.2-py3, commons-lang-2.6, commons-fileupload-1.5, urllib3-2.2.2, jetty-server-9.4.56.v20240826 affect IBM Cloud Object Storage Systems (Oct 2025)

Summary Vulnerability with Werkzeug CVE-2024-34069, CVE-2023-46136 ,CVE-2024-49767, CVE-2024-49766 Twisted-22.10.0-py3 CVE-2024-41810, CVE-2023-46137, CVE-2024-41671, requests-2.32.2-py3 CVE-2024-47081, urllib3-2.2.2 CVE-2025-50182,CVE-2025-501810 commons-lang-2.6CVE-2025-48924,...

8.3CVSS7.5AI score0.03397EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 11:8 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does...

6.1CVSS6.3AI score0.00313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 11:7 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for al...

6.1CVSS6.5AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 8:59 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935.

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js...

7.5CVSS6.8AI score0.00683EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 7:0 a.m.4 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Apache Commons (CVE-2025-48734)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-48734 of Improper Access Control in Apache Commons. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version...

8.8CVSS7.2AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 6:57 a.m.12 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Spring boot and Spring Security

Summary IBM Sterling Control Center is affected by vulnerabilities in Spring boot and Spring Security CVE-2025-22235, CVE-2025-22228 and CVE-2024-38821 Vulnerability Details CVEID:CVE-2025-22235 DESCRIPTION: EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the...

9.1CVSS6.6AI score0.01726EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 6:55 a.m.8 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Java

Summary IBM Sterling Control Center is affected by vulnerabilities in IBM Java CVE-2025-21587, CVE-2025-30698, CVE-2025-2900 and CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...

7.8CVSS6.7AI score0.0073EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 6:51 a.m.5 views

Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in spring-security-core-6.4.5.jar (CVE-2025-41232)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41232 in spring-security-core-6.4.5.jar. Vulnerability Details CVEID:CVE-2025-41232 DESCRIPTION: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an...

9.1CVSS6.7AI score0.00535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 6:36 a.m.5 views

Security Bulletin: IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA (CVE-2025-36361)

Summary IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA. Vulnerability Details CVEID:CVE-2025-36361 DESCRIPTION: IBM App Connect Enterprise could allow an authenticated user to perform unauthorized actions on customer defined resources...

8.8CVSS6.4AI score0.002EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 3:55 a.m.6 views

Security Bulletin: Improper Access Control vulnerability in Apache Commons BeanUtils library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48734)

Summary Apache Commons BeanUtils library is used by Tivoli Netcool/OMNIbus WebGUI as part of Filter builder, View builder and Tool admin component. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was...

8.8CVSS7.3AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 3:53 a.m.6 views

Security Bulletin: Uncontrolled Recursion vulnerability in Apache Commons Lang library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48924)

Summary Apache Commons Lang library is used by Tivoli Netcool/OMNIbus WebGUI as part of Filter builder, View builder, Tool admin, Menu admin and Event Viewer Preferences component. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang...

5.3CVSS6.8AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/24 3:50 a.m.6 views

Security Bulletin: DoS vulnerability in Apache Commons FileUpload library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48976)

Summary Apache Commons FileUpload library is used by Tivoli Netcool/OMNIbus WebGUI as part of Map Resources admin component. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

7.5CVSS6.8AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:59 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM DataPower Gateway (OS kernel)

Summary Multiple vulnerabilities were addressed in IBM DataPower Gateway version 10.5.0.19 and 10.6.0.7 Vulnerability Details CVEID:CVE-2024-50154 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai La...

7.8CVSS5.1AI score0.00241EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:57 p.m.4 views

Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Java runtime

Summary Java Runtime is bundled with IBM DataPower Gateway, and used by some bundled components. CVE-2025-50059, CVE-2025-30754 Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle...

8.6CVSS5.9AI score0.00501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:56 p.m.7 views

Security Bulletin: Due to the use of Redis, IBM DataPower Gateway is vulnerable to a denial of service

Summary Redis is used in the API Gateway component, and for load balancing. CVE-2025-32023, CVE-2025-48367 Vulnerability Details CVEID:CVE-2025-32023 DESCRIPTION: Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticat...

7.8CVSS7.9AI score0.03877EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:31 p.m.4 views

Security Bulletin: vulerability in IBM Spectrum Symphony with Nimbus JOSE + JWT

Summary vulerability in IBM Spectrum Symphony with Nimbus JOSE + JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in...

5.8CVSS6.6AI score0.00806EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:30 p.m.6 views

Security Bulletin: vulerability in IBM Spectrum Symphony with Apache Commons FileUpload

Summary vulerability in IBM Spectrum Symphony with Apache Commons FileUpload Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:29 p.m.7 views

Security Bulletin: vulerability in IBM Spectrum Symphony with jackson-core

Summary vulerability in IBM Spectrum Symphony with jackson-core Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an...

8.7CVSS6.6AI score0.00634EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:28 p.m.7 views

Security Bulletin: vulerability in IBM Spectrum Symphony with Apache Commons

Summary vulerability in IBM Spectrum Symphony with Apache Commons Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declare...

8.8CVSS7.1AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:27 p.m.6 views

Security Bulletin: vulerability in IBM Spectrum Symphony with spring security

Summary vulerability in IBM Spectrum Symphony with spring security Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

4.8CVSS6.6AI score0.00385EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:26 p.m.8 views

Security Bulletin: vulerability in IBM Spectrum Symphony with spring webmvc

Summary vulerability in IBM Spectrum Symphony with spring webmvc Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HT...

7.5CVSS6.6AI score0.54862EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:25 p.m.7 views

Security Bulletin: vulerability in IBM Spectrum Symphony with okhttp component

Summary vulerability in IBM Spectrum Symphony with okhttp component Vulnerability Details CVEID:CVE-2023-0833 DESCRIPTION: A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing...

5.5CVSS5.7AI score0.00436EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:25 p.m.12 views

Security Bulletin: multiple vulnerabilities in IBM Spectrum Symphony with Requests and urlib3

Summary Multiple vulnerabilities in IBM Spectrum Symphony with Requests and urlib3, which have now been addressed. Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not...

9.4CVSS7.3AI score0.01386EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:23 p.m.4 views

Security Bulletin: multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java TLS API

Summary multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java TLS API Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature...

7.5CVSS6.7AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:22 p.m.4 views

Security Bulletin: vulerability in IBM Spectrum Symphony with Elasticsearch

Summary vulerability in IBM Spectrum Symphony with Elasticsearch Vulnerability Details CVEID:CVE-2024-23450 DESCRIPTION: A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. CWE:CWE-400:...

7.5CVSS6.5AI score0.00943EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:20 p.m.4 views

Security Bulletin: vulerability in IBM Spectrum Symphony with Express.js

Summary vulerability in IBM Spectrum Symphony with Express.js Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect...

6.1CVSS6.3AI score0.00786EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:18 p.m.4 views

Security Bulletin: multiple vulerability in IBM Spectrum Symphony with Node.js

Summary multiple vulerability in IBM Spectrum Symphony with Node.js Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling...

8.2CVSS7.7AI score0.87211EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:16 p.m.7 views

Security Bulletin: multiple vulerability in IBM Spectrum Symphony with IBM JRE

Summary multiple vulerability in IBM Spectrum Symphony with IBM JRE Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. CWE:CWE-200: Exposur...

7.5CVSS6.5AI score0.01361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:16 p.m.4 views

Security Bulletin: multiple vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty

Summary multiple vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections...

7.5CVSS6.7AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 8:11 p.m.8 views

Security Bulletin: multiple vulerability in IBM Spectrum Symphony with ISC BIND

Summary multiple vulerability in IBM Spectrum Symphony with ISC BIND Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queri...

7.5CVSS6.4AI score0.14614EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 3:54 p.m.7 views

Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library

Summary A bypass vulnerability where, despite CVE-2024-38820 ensuring Locale-independent lowercase conversion for disallowedFields patterns and request parameter names, there are still cases where it is possible to bypass the disallowedFields checks . Vulnerability Details CVEID:CVE-2025-22233...

5.3CVSS6.3AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 3:50 p.m.10 views

Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library

Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. A vulnerability where the fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive, but String.toLowerCase has Locale-dependent exceptions that could potentially result in...

5.3CVSS6.2AI score0.05666EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 3:37 p.m.6 views

Security Bulletin: IBM MQ is affected by a denial of service vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty is used by IBM MQ as part of the IBM MQ Console and IBM MQ REST API functionality CVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...

7.5CVSS6.8AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 3:8 p.m.7 views

Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2025-48976)

Summary IBM MQ appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 3:7 p.m.8 views

Security Bulletin: IBM MQ Appliance is affected by open source vulnerabilities (CVE-2025-8058 and CVE-2025-7425)

Summary IBM MQ Appliance has addressed open source vulnerabilities. Vulnerability Details CVEID:CVE-2025-8058 DESCRIPTION: The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc...

7.8CVSS7.5AI score0.00339EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 3:6 p.m.5 views

Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-36047)

Summary A denial of service vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality CVE-2025-36047 Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server...

7.5CVSS6.5AI score0.00421EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 3:5 p.m.4 views

Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-36732)

Summary A denial of service vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality CVE-2025-36732 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 fo...

5.3CVSS5.4AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 2:11 p.m.9 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to possible memory corruption due to the Linux kernel network scheduler (CVE-2025-37914)

Summary The Linux kernel network scheduler is used by DataStage on Cloud Pak for Data as part of network processing functionality. Vulnerability Details CVEID:CVE-2025-37914 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: netsched: ets: Fix double list add in clas...

7.8CVSS5.6AI score0.00173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 1:11 p.m.11 views

Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes a component with known vulnerabilities (CVE-2025-29927 & CVE-2025-48068)

Summary The product includes a vulnerable component e.g., framework library that may be identified and exploited with automated tools. IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION:...

9.1CVSS7.4AI score0.99621EPSS
Exploits58Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 11:15 a.m.11 views

Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library

Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. The vulnerability involves case-sensitive patterns for disallowedFields on a DataBinder, meaning a field is not effectively protected unless it is listed with both upper and lower case for the first...

5.3CVSS6.4AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 11:13 a.m.14 views

Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library

Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. The vulnerability involves another data bypass issue relaed to data binding field protection Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...

5.3CVSS6.6AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/23 11:6 a.m.8 views

Security Bulletin: A Prototype Pollution vulnerability in jquery.dataTables affects IBM Tivoli Network Manager IP Edition (ITNM) (CVE-2020-28458)

Summary A Prototype Pollution vulnerability in jquery.dataTables was addressed in ITNM version 4.2 Fix Pack 23 4.2.0.23 Vulnerability Details CVEID:CVE-2020-28458 DESCRIPTION: All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for...

7.5CVSS6.6AI score0.0367EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 9:15 p.m.31 views

Security Bulletin: IBM webMethods Integration Sever is affected by server-side request forgery (SSRF)

Summary IBM webMethods Integration Sever is affected by server-side request forgery SSRF. CVE-2025-36037 Vulnerability Details CVEID:CVE-2025-36037 DESCRIPTION: IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...

5.4CVSS6.7AI score0.00178EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 3:59 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera High-Speed Transfer Server, IBM Aspera High-Speed Transfer Endpoint and IBM Aspera Desktop Client.

Summary Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Server v4.4.7, IBM Aspera High-Speed Transfer Endpoint v4.4.7 and IBM Aspera Desktop Client v4.4.7. Vulnerability Details CVEID:CVE-2025-46818 DESCRIPTION: Redis is an open source, in-memory database that persists o...

9.9CVSS7.6AI score0.86767EPSS
Exploits14Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 12:16 p.m.12 views

Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector

Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 6.4.0 Vulnerability Details CVEID:CVE-2019-19135 DESCRIPTION: In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua...

9.8CVSS7.8AI score0.99999EPSS
Exploits23Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:24 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not me...

7CVSS6.9AI score0.00145EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:24 a.m.13 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in sha.js-2.4.11.tgz CVE-2025-9288

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in sha.js-2.4.11.tgz CVE-2025-9288 Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js:...

9.1CVSS8.1AI score0.00651EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:24 a.m.11 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in on-headers-1.0.2.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in on-headers-1.0.2.tgz Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may...

3.4CVSS8.1AI score0.00174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/22 11:24 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz Vulnerability Details CVEID:CVE-2025-6547 DESCRIPTION: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2:...

9.1CVSS6.9AI score0.00387EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608