Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 2:38 p.m.8 views

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to take over Java SE

Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2025-50106 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM...

8.1CVSS6.7AI score0.00611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 2:27 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom-0.8.10.tgz which is vulnerable to this CVE-2021-32796

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses xmldom-0.8.10.tgz which is vulnerable to this CVE-2021-32796 Vulnerability Details CVEID:CVE-2021-32796 DESCRIPTION: xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParse...

6.5CVSS6.6AI score0.01347EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 2:25 p.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0, golang.org/x/net-v0.33.0, golang.org/x/net-v0.34.0 which is vulnerable to this CVE-2025-22870

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0, golang.org/x/net-v0.33.0, golang.org/x/net-v0.34.0 which is vulnerable to this CVE-2025-22870 Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against prox...

4.4CVSS7.5AI score0.00384EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 2:25 p.m.13 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.0-py3-none-any.whl which is vulnerable to this CVE-2025-47278

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask-3.1.0-py3-none-any.whl which is vulnerable to this CVE-2025-47278 Vulnerability Details CVEID:CVE-2025-47278 DESCRIPTION: Flask is a web server gateway interface WSGI web application framework. In Fla...

1.8CVSS7.4AI score0.00153EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 2:23 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0 which is vulnerable to CVE-2024-45338, CVE-2023-45288, CVE-2025-22870

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/net-v0.21.0 which is vulnerable to CVE-2024-45338, CVE-2023-45288, CVE-2025-22870 Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions...

7.5CVSS7.6AI score0.91969EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 2:16 p.m.6 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Improper Resource Shutdown or Release due to Apache Tomcat ( CVE-2025-48989 )

Summary IBM Integration Bus for z/OS is vulnerable to Improper Resource Shutdown or Release due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This...

7.5CVSS6.6AI score0.03389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 12:12 p.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-2.0.1.tgz which is vulnerable to this CVE-2025-5889

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-2.0.1.tgz which is vulnerable to this CVE-2025-5889 Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to...

3.1CVSS8.2AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 11:38 a.m.10 views

Security Bulletin: IBM TXSeries for Multiplatforms is affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability & a use-after-free (UAF) vulnerability found in Linux kernel packages.

Summary IBM TXSeries for Multiplatforms is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability & a use-after-free UAF vulnerability found in Linux kernel packages. The versions of the packages that are delivered with IBM TXSeries for Multiplatforms have been updated in ord...

7.8CVSS4.8AI score0.01345EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 11:4 a.m.31 views

Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.306 Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within...

8.2CVSS8.5AI score0.01916EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 10:22 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-32873

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-32873. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-32873 DESCRIPTION: An issue was discovered in Django 4.2 before...

5.3CVSS6.8AI score0.13969EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 10:21 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-48432

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.20-py3-none-any.whl CVE-2025-48432. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48432 DESCRIPTION: An issue was discovered in Django 5.2 before...

5.3CVSS7.3AI score0.006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 8:10 a.m.3 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses commons-lang3-3.17.0.jar which is vulnerable to this CVE-2025-48924

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses commons-lang3-3.17.0.jar which is vulnerable to this CVE-2025-48924 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects...

5.3CVSS6.7AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 6:58 a.m.16 views

Security Bulletin: Due to use of Apache Commons, IBM Operations Analytics - Log Analysis is affected by Improper Handling of Untrusted Input During Deserialization

Summary Apache Commons is used by IBM Operations Analytics - Log Analysis as part of the configuration parsing in Apache Solr CVE-2017-15708, CVE-2019-13116 and Java Deserialization CVE-2015-4852, CVE-2015-6420, CVE-2015-7501 Vulnerability Details CVEID:CVE-2015-4852 DESCRIPTION: The WLS Security...

10CVSS9.8AI score0.96032EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/09 6:33 a.m.6 views

Security Bulletin: WebSphere Application Server Liberty could allow a remote attacker to bypass security restrictions (CVE-2024-56339)

Summary WebSphere Application Server Liberty could allow a remote attacker to bypass security restrictions Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker ...

7.5CVSS6.6AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 9:53 p.m.6 views

Security Bulletin: AIX/VIOS is vulnerable to arbitrary file write due to Kerberos (CVE-2025-36244)

Summary Vulnerability in AIX's Kerberos could allow a non-privileged local user to write to arbitrary files CVE-2025-36244 Vulnerability Details CVEID:CVE-2025-36244 DESCRIPTION: IBM AIX, when configured to use Kerberos network authentication, could allow a local user to write to files on the...

7.4CVSS6.4AI score0.00113EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 9:36 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex

Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14. Vulnerability Details CVEID:CVE-2025-55193 DESCRIPTION: Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may ...

6.9CVSS6.6AI score0.00527EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 3:13 p.m.11 views

Security Bulletin: Multiple vulnerabilities in Spring may affect IBM Business Automation Workflow - CVE-2024-38820, CVE-2025-22233

Summary IBM Business Automation Workflow packages vulnerable copies of Spring framework. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptio...

5.3CVSS6.4AI score0.00631EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 2:29 p.m.8 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities.

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-45010 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning...

5.5CVSS6.6AI score0.00224EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 2:26 p.m.6 views

Security Bulletin: IBM Guardium Data Protection is affected by kernel vulnerabilities.

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2023-52478 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidppconnectevent has...

5.5CVSS6.7AI score0.00275EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 12:26 p.m.8 views

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console( CVE-2022-1471,CVE-2024-22259,CVE-2020-8565, CVE-2019-11250,CVE-2023-44487,CVE-2022-46175, CVE-2024-22243)

Summary SnakeYaml Constructor Deserialization Remote Code Execution. Spring-web-6.0.11, k8s.io-client-go, k8s.io-Apimachinery-v0.25.1, json5-1.0.1, spring-web-6.0.11 open source libraries are used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the...

9.8CVSS8AI score0.99999EPSS
Exploits28Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 12:19 p.m.8 views

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-7783, CVE-2025-22868, CVE-2025-57810, CVE-2025-27789, CVE-2025-22870, CVE-2025-58754)

Summary form-data-3.0.0.tgz, golang.org/x/oauth2-v0.0.0-20211104180415-d3ed0bb246c8, jspdf-3.0.1.tgz, runtime-7.26.0.tgz, golang.org/x/net-v0.33.0 and axios-1.9.0.tgz the following dependency packages are being used by IBM Db2 Intelligence Center. This bulletin describes the upgrades necessary to...

9.4CVSS6.6AI score0.01735EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 11:16 a.m.4 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Uncontrolled Recursion vulnerability in Apache Commons Lang

Summary Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass... Can Throw A StackOverflowError On Very Long Inputs. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...

5.3CVSS6.7AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 10:19 a.m.4 views

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability (CVE-2025-48989).

Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability CVE-2025-48989. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper...

7.5CVSS6.6AI score0.03389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/08 8:0 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2024-45337 and CVE-2025-22869

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2024-45337 and CVE-2025-22869 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via...

9.1CVSS6.4AI score0.03153EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:58 p.m.12 views

Security Bulletin:IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities

Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...

7.5CVSS6.7AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:37 p.m.4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in form-data package

Summary IBM Watson Discovery Cartridge contains a vulnerable version of form-data Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files...

9.4CVSS6.6AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:37 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in deepdiff-8.5.0-py3-none-any.whl

Summary IBM Watson Discovery Cartridge contains a vulnerable version of deepdiff-8.5.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-58367 DESCRIPTION: DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class...

10CVSS7.5AI score0.01056EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 6:56 p.m.10 views

Security Bulletin: Several Security Vulnerabilities have been discovered in IBM Security Verify Directory Appliance

Summary Security Vulnerabilities have been addressed in IBM Security Verify Directory Appliance. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and hig...

8.1CVSS7.4AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 5:4 p.m.5 views

Security Bulletin: Multiple vulnerabilities in OpenJDK may affect opensearch in IBM Business Automation Workflow on Containers - CVE-2025-30749, CVE-2025-30754, CVE-2025-2025-50059

Summary IBM Business Automation Workflow provides a container image for opensearch. OpenJDK on this image is outdated. Vulnerability Details CVEID:CVE-2025-30749 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE...

8.6CVSS6.3AI score0.01058EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:47 p.m.6 views

Security Bulletin: Improper Access Control vulnerability in Apache Commons may affect IBM Business Automation Workflow - CVE-2025-48734

Summary IBM Business Automation Workflow packages a copy of Apache commons-beanutils. CVE-2025-48734 has been reported for this library. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...

8.8CVSS7AI score0.01495EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:25 p.m.3 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses Requests is a HTTP library. Due to a URL parsing issue to third parties for specific urls.

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses Requests is a HTTP library. Due to a URL parsing issue to third parties for specific urls. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081...

5.3CVSS6.5AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:24 p.m.4 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server could allow a remote attacker to bypass security restrcitions.

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server could allow a remote attacker to bypass security restrcitions. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-56339...

7.5CVSS6.4AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:23 p.m.4 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses Pillow is a Python imaging library format due to writing into a buffer.

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses Pillow is a Python imaging library format due to writing into a buffer.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is...

7.1CVSS6.9AI score0.00259EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:22 p.m.3 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server are vulnerable to denial of service.

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server are vulnerable to denial of service.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere...

7.5CVSS6.7AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:21 p.m.4 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses urllib3 is a user-friendly HTTP client for Python.

Summary Security Bulletin: Security Bulletin: IBM Maximo Application Suite - Predict Component uses urllib3 is a user-friendly HTTP client for Python. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is...

6.1CVSS6.3AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:8 p.m.10 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.3

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.3 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to...

9.8CVSS8.2AI score0.03389EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 2:36 p.m.6 views

Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to multiple vulnerabilities (CVE-2025-52520, CVE-2025-53506 and CVE-2025-52434).

Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to multiple vulnerabilities CVE-2025-52520, CVE-2025-53506 and CVE-2025-52434. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-52520 DESCRIPTION: For...

7.5CVSS7AI score0.0196EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 11:2 a.m.10 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36099)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

4.9CVSS6.6AI score0.00299EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 11:1 a.m.6 views

Security Bulletin: There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Asset Management application (CVE-2025-48924)

Summary There is a vulnerability in commons-lang3-3.4.jarused by IBM Maximo Asset Management application CVE-2025-48924 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.3AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 11:0 a.m.6 views

Security Bulletin: There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-48924)

Summary There is a vulnerability in commons-lang3-3.4.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting wi...

5.3CVSS6.6AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:57 a.m.10 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons Compress

Summary Vulnerabilities have been identified in Apache Commons Compress, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons...

8.1CVSS9.2AI score0.00898EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:42 a.m.7 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "eventlet-0.39.0-py3-none-any.whl, commons-lang3-3.17.0.jar, spring-core-6.2.10.jar" which is vulnerable to "CVE-2025-58068, CVE-2025-48924, CVE-2025-41249". This bulletin contains information regarding the vulnerability and how it is addressed...

9.1CVSS6.3AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:41 a.m.4 views

Security Bulletin: IBM Truststore Manager uses urllib3-2.4.0-py3-none-any.whl and requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2025-50181 and CVE-2025-50182

Summary IBM Truststore Manager uses urllib3-2.4.0-py3-none-any.whl and requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2025-50181 and CVE-2025-50182. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION:...

6.1CVSS6.5AI score0.00846EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:41 a.m.8 views

Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty V.25.0.0.2, flask-3.1.0-py3-none-any.whl form-data-2.5.1.tgz and golang.org/x/net which is vulnerable to CVE-2025-36097, CVE-2025-7783, CVE-2025-25193, CVE-2025-47278, CVE-2025-23184, CVE-2025-22872 and CVE-2024-56339...

9.4CVSS6.6AI score0.01941EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:40 a.m.11 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to CVEs.

Summary IBM Maximo Application Suite uses spring-beans-6.2.9.jar, spring-context-6.1.14.jar, flask-3.1.0-py3-none-any.whl, kafka-clients-3.9.0.jar, cxf-core-3.6.7.jar, urllib3-1.26.20-py2.py3-none-any.whl, postgresql-42.7.5.jar, requests-2.32.3-py3-none-any.whl,commons-beanutils-1.9.4.jar which i...

8.8CVSS7.6AI score0.01916EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:21 a.m.10 views

Security Bulletin: IBM Sterling Connect:Direct Web Services vulnerable to spring-beans-6.2.3.jar (CVE-2025-41242)

Summary IBM Sterling Connect:Direct Web Services is vulnerable toPath Traversal Vulnerability in spring-beans-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a...

5.9CVSS6.8AI score0.01916EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:19 a.m.8 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-security-core-6.4.3.jar (CVE-2025-41248)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to Annotation detection mechanism may not correctly resolve annotations on methods in spring-security-core-6.4.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41248...

7.5CVSS6.4AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:14 a.m.6 views

Security Bulletin: IBM Connect:Direct Web Services is affected by a PostgreSQL vulnerability (CVE-2025-49146)

Summary IBM Connect:Direct Web Services has addressed a PostgreSQL vulnerability. Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to requir...

8.2CVSS6.7AI score0.00461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 7:8 a.m.7 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-core-6.2.3.jar (CVE-2025-41249)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to Annotation detection mechanism may not correctly resolve annotations on methods in spring-core-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The...

7.5CVSS6.4AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 6:45 a.m.5 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-web-6.2.3.jar(CVE-2025-41234)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to a reflected file download RFD attack in spring-web-6.2.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x a...

6.5CVSS7.5AI score0.00533EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608