Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
IbmRecent
RecentMost viewed

34931 matches found

IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/07 5:59 a.m.8 views

Security Bulletin: Vulnerabilities in axios affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in axios has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios...

9.8CVSS7.3AI score0.00088EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/07 5:55 a.m.3 views

Security Bulletin: Vulnerabilities in Babel affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Babel has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a...

6.2CVSS6.1AI score0.0006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/07 3:40 a.m.5 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts...

4.4CVSS6.2AI score0.00032EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/07 3:20 a.m.4 views

Security Bulletin: Vulnerabilities in SAXBuilder affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in SAXBuilder has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: An XX...

7.5CVSS6.1AI score0.01393EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/07 12:51 a.m.7 views

Security Bulletin: Vulnerabilities in CodeMirror affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in CodeMirror has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A...

6.9CVSS5.6AI score0.00308EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/07 12:27 a.m.7 views

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an...

5.5CVSS7AI score0.00096EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/07 12:15 a.m.5 views

Security Bulletin: Vulnerabilities in SSH affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in SSH has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers...

7.5CVSS6.1AI score0.00591EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 9:33 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2024 CPU plus...

7.8CVSS6.8AI score0.00234EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 6:17 p.m.4 views

Security Bulletin: Vulnerabilities in Babel affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Babel has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a...

6.2CVSS6.1AI score0.0006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:53 p.m.3 views

Security Bulletin: Multiple vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE...

5.9CVSS7.2AI score0.00169EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:47 p.m.5 views

Security Bulletin: Vulnerabilities in nanoid affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in nanoid has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid a...

4.3CVSS5.9AI score0.00107EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:36 p.m.4 views

Security Bulletin: Multiple vulnerability in IBM® SDK, Java™ and IBM® Semeru Runtime may affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow traditional requires IBM® SDK, Java™. IBM Business Automation Workflow containers package IBM® Semeru Runtime. Vulnerabilities for both variants of Java have been reported. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerabilit...

7.8CVSS7.1AI score0.00234EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:33 p.m.9 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-43204, CVE-2024-43394, CVE-2024-42516)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

6AI score
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:25 p.m.5 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow embedded Navigator - CVE-2024-38808

Summary IBM Business Automation Workflow embedded Navigator repackages a vulnerable copy of Spring. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring...

4.3CVSS6.6AI score0.00809EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:22 p.m.6 views

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2025-33197

Summary IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details CVEID:CVE-2025-33197 DESCRIPTION: IBM Business Automation Workflow, CP4BA is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary...

5.5CVSS6.2AI score0.00021EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:21 p.m.6 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and...

9.1CVSS6.3AI score0.32338EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:19 p.m.4 views

Security Bulletin: Security vulnerability in jetty may affect IBM Business Automation Workflow - CVE-2024-6763

Summary IBM Business Automation Workflow is vulnerable packages a vulnerable copy of eclipse jetty. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL...

5.3CVSS6AI score0.01189EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:16 p.m.6 views

Security Bulletin: Multiple vulnerabilities in embedded Navigator affect IBM Business Automation Workflow - CVE-2024-38808, CVE-2024-31141

Summary IBM Business Automation Workflow repackages a version of IBM Content Navigator, which in turn repackages a vulnerable version of the kafka-clients library. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...

6.5CVSS7AI score0.00809EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:12 p.m.4 views

Security Bulletin: Multiple security vulnerabilities in WebSphere Liberty may affect IBM Business Automation Workflow - CVE-2025-25193, CVE-2025-23184

Summary IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty. Multiple security vulnerabilies have been reported...

7.5CVSS6.9AI score0.00147EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 5:10 p.m.5 views

Security Bulletin: Cross Site Scripting vulnerabiliies may affect IBM Business Automation Workflow - CVE-2024-47875, CVE-2024-48910

Summary IBM Business Automation Workflow packages a vulnerable copy of DOMPurify. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability i...

10CVSS8.7AI score0.02592EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 4:39 p.m.3 views

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is ...

5.5CVSS6.8AI score0.00467EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 4:37 p.m.11 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.14 LTS and 12.14.0 addresses the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.8CVSS9AI score0.01419EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 4:10 p.m.10 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.3 Vulnerability Details CVEID:CVE-2013-4660 DESCRIPTION: The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute...

7.5CVSS10AI score0.64507EPSS
Exploits17Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 3:52 p.m.14 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed multiple vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to...

8.8CVSS9.3AI score0.21423EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 3:40 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF006

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF006 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Request...

9.1CVSS7.4AI score0.00208EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 1:40 p.m.12 views

Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

7.5CVSS7.3AI score0.00591EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 11:37 a.m.4 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-27907)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

4.1CVSS5.8AI score0.00123EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 11:19 a.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-23166]

Summary Node.js is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js. CVE-2025-23166 Vulnerability Details...

7.5CVSS7.5AI score0.00304EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 11:17 a.m.4 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality [CVE-2025-22874]

Summary Golang module crypto/x509 is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang...

7.5CVSS5.9AI score0.00076EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/06 7:11 a.m.5 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF18 patch Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons...

8.8CVSS8.3AI score0.00762EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/05 6:39 p.m.2 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2025-21587, CVE-2025-30698, CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to...

7.8CVSS6.8AI score0.00234EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/05 6:37 p.m.6 views

Security Bulletin: IBM Tivoli Monitoring is affected by heap buffer overflow vulnerabilities

Summary IBM Tivoli Monitoring has addressed heap buffer overflow vulnerabilities CVE-2025-3354, CVE-2025-3320 Vulnerability Details CVEID:CVE-2025-3354 DESCRIPTION: IBM Tivoli Monitoring is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could...

9.8CVSS7.6AI score0.00738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/05 5:6 p.m.6 views

Security Bulletin: IBM Guardium Data Protection is affected by a RHEL7 Kernel vulnerability (CVE-2024-36971)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-36971 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race dstnegativeadvice does not enforce proper RCU rules when...

7.8CVSS7.6AI score0.00449EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/05 3:40 p.m.27 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple Tomcat vulnerabilities (CVE-2025-24813, CVE-2024-50379)

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files...

10CVSS9.9AI score0.9413EPSS
Exploits55Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/05 3:36 p.m.8 views

Security Bulletin: IBM Guardium Data Protection is affected by a Privilege Escalation vulnerability (CVE-2025-3473)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-3473 DESCRIPTION: IBM Security Guardium could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program...

6.7CVSS5.9AI score0.00043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/05 3:14 p.m.10 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - could be susceptible to cross-site scripting due to no validation of URIs.

Summary IBM Engineering Lifecycle Optimization - Publishing could be susceptible to cross-site scripting due to no validation of URIs. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimizati...

6.1CVSS5.7AI score0.00143EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/05 10:55 a.m.4 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM)(CVE-2024-56339)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

7.5CVSS5.6AI score0.00132EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/05 10:51 a.m.5 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2025-36097)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

7.5CVSS5.7AI score0.0027EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/05 5:15 a.m.5 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to FreeType Remote Code Execution Vulnerability (CVE-2025-27363)

Summary IBM Sterling Partner Engagement Manager uses FreeType has part of the package and is affected by CVE-2025-27363 for versions 2.13.0 and below. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of...

8.1CVSS7.5AI score0.70344EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/04 12:44 p.m.5 views

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bound...

9.8CVSS9.3AI score0.01111EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/04 7:13 a.m.12 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to " CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871"

Summary IBM Maximo Application Suite uses " axios, http-proxy-middleware and net/http package " which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871". This bulletin contains information regarding the vulnerability and how to address it. Vulnerability Details...

9.1CVSS6.7AI score0.00294EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/04 6:39 a.m.7 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - The jackson-core package is vulnerable to a Denial of Service (DoS) attack

Summary There is a Jackson-Core vulnerability shipped with IBM Engineering Lifecycle Optimization - Publishing. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization - Publishing...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/04 6:37 a.m.6 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - In Connect2id Nimbus JOSE+JWT, an attacker can cause a denial of service

Summary Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. By sending a specially crafted request using a large JWE p2c header, a remote attacker could exploit this vulnerability to cause ...

7.5CVSS6AI score0.00105EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/04 6:37 a.m.8 views

Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27817)

Summary There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka...

8.8CVSS7.7AI score0.21423EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/04 6:36 a.m.3 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-25193)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

5.5CVSS7.1AI score0.00096EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/02 5:53 p.m.19 views

Security Bulletin: IBM Spectrum Protect Server may not count invalid sign-on attempts from Operations Center (CVE-2022-22485)

Summary The IBM Spectrum Protect Server, in certain instances, may not increment the number of invalid sign-on attempts from Operations Center. This could allow an attacker to use brute force techniques to gain access to the IBM Spectrum Protect Server. Vulnerability Details CVEID:CVE-2022-22485...

9.8CVSS6.1AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/02 3:58 p.m.55 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.8CVSS10AI score0.3466EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/01 7:16 p.m.41 views

Security Bulletin: Outbound Email for SOAR App is using a component with a known vulnerability (CVE-2025-27516)

Summary The Outbound Email for SOAR App uses an older version of the jinja template library that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to Outbound Email for SOAR version 2.1.4 or later. Vulnerabilit...

8.8CVSS7.9AI score0.00121EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/01 4:1 p.m.9 views

Security Bulletin: Vulnerability with spring-security-crypto and jinja affect IBM Cloud Object Storage Systems (July 2025)

Summary Vulnerability with spring-security-crypto CVE-2025-22228 and jinja CVE-2025-27516 . This vulnerability has been addressed in the latest ClevOS release. Vulnerability Details CVEID:CVE-2025-22228 DESCRIPTION: BCryptPasswordEncoder.matchesCharSequence,String will incorrectly return true for...

8.8CVSS7.6AI score0.00121EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2025/08/01 3:11 p.m.5 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in...

7.5CVSS6.6AI score0.00125EPSS
Exploits0Affected Software1
Total number of security vulnerabilities34931