Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 10:4 p.m.9 views

Security Bulletin: AIX/VIOS is vulnerable to a memory corruption issue (CVE-2025-6965) due to RPM

Summary Vulnerability in RPM could allow an attacker to cause a memory corruption issue CVE-2025-6965. RPM is used by AIX for package management. Vulnerability Details CVEID:CVE-2025-6965 DESCRIPTION: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate term...

7.7CVSS7.1AI score0.73495EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 9:58 p.m.7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to an open redirect attack due to the Eclipse Jetty package (CVE-2024-6763)

Summary Eclipse Jetty is used by DataStage on Cloud Pak for Data as part of the server processing functionality. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI,...

5.3CVSS6.6AI score0.00986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 8:19 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-10.1.42.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-10.1.42.jar Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affect...

7.5CVSS6.4AI score0.03389EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 8:18 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in IBM SDK

Summary IBM Watson Discovery Cartridge contains a vulnerable version of IBM SDK Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that a...

8.1CVSS7AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 8:18 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in webrick-1.4.2.gem

Summary IBM Watson Discovery Cartridge contains a vulnerable version of webrick-1.4.2.gem Vulnerability Details CVEID:CVE-2025-6442 DESCRIPTION: Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected...

6.5CVSS6.4AI score0.00422EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 7:50 p.m.6 views

Security Bulletin: IBM InfoSphere Data Replication VSAM for z/OS Remote Source is vulnerable to a stack-based buffer overflow

Summary IBM InfoSphere Data Replication VSAM for z/OS Remote Source is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system...

7.8CVSS7.8AI score0.00116EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 7:10 p.m.4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in urllib3-1.26.20-py2.py3-none-any.whl

Summary IBM Watson Discovery Cartridge contains a vulnerable version of urllib3-1.26.20-py2.py3-none-any.whl Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by...

6.1CVSS6.3AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 7:10 p.m.8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in eslint-config-prettier

Summary IBM Watson Discovery Cartridge contains a vulnerable version of eslint-config-prettier Vulnerability Details CVEID:CVE-2025-54313 DESCRIPTION: eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package...

7.5CVSS8AI score0.04146EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 7:8 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-9.0.106.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of tomcat-embed-core-9.0.106.jar Vulnerability Details CVEID:CVE-2025-53506 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that...

7.5CVSS7.8AI score0.0196EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 6:41 p.m.8 views

Security Bulletin:IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 - Includes Oracle July 2025 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 8 and Java 17 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM SDK, Java Technology Editio...

8.1CVSS7.5AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 5:0 p.m.6 views

Security Bulletin: Several Security Vulnerabilities have been discovered in IBM Security Verify Access and IBM Verify Identity Access products. (CVE-2025-36354, CVE-2025-36355, CVE-2025-363546)

Summary Security Vulnerabilities have been addressed in IBM Security Verify Access 10.0.9.0-IF3 and IBM Verify Identity Access 11.0.1.0-IF1. Vulnerability Details CVEID:CVE-2025-36355 DESCRIPTION: IBM Security Verify Access could allow a locally authenticated user to execute malicious scripts fro...

9.3CVSS7.9AI score0.00295EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 4:34 p.m.6 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now included in 6.1.9.8 and 6.2.3.2

Summary The following vulnerabilities that can affect IBM Storage Scale System and could provide weaker than expected security are now fixed in 6.1.9.8 and 6.2.3.2. Vulnerability Details CVEID:CVE-2024-26934 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: USB: cor...

7.8CVSS5.8AI score0.00272EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 4:33 p.m.5 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now included in 6.1.9.8 and 6.2.3.1

Summary The following vulnerabilities that can affect IBM Storage Scale System and could provide weaker than expected security are now fixed in 6.1.9.8 and 6.2.3.1. Vulnerability Details CVEID:CVE-2024-26973 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: fat: fix...

7.8CVSS5.7AI score0.00265EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 3:43 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Jul 2025 - Includes OpenJDK July 2025 CPU...

8.6CVSS7.8AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 3:29 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle July 2025 CPU...

8.1CVSS7.4AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 12:29 p.m.4 views

Security Bulletin: Vulnerability in golang.org/x/crypto and idna affects IBM Db2 Data Management Console(CVE-2024-45337, CVE-2024-3651)

Summary golang.org/x/crypto and idna dependency packages is used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse...

9.1CVSS5.8AI score0.03153EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 10:28 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2024-47081

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses requests-2.32.3-py3-none-any.whl which is vulnerable to CVE-2024-47081 Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior...

5.3CVSS6.7AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 9:30 a.m.6 views

Security Bulletin: IBM Transformation Extender Advanced is affected by unsafe Java deserialization.

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is affected by unsafe Java deserialization. Vulnerability Details CVEID:CVE-2023-49886 DESCRIPTION: IBM Standards Processing Engine could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS7.7AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/06 7:16 a.m.3 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses form-data-4.0.1.tgz and form-data-4.0.3.tgz which are vulnerable to this CVE-2024-6345

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses form-data-4.0.1.tgz and form-data-4.0.3.tgz which are vulnerable to this CVE-2024-6345 Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...

9.4CVSS6.8AI score0.01939EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/03 7:25 p.m.10 views

Security Bulletin: Vulnerability in go package in nginx-controller affects IBM Db2 Data Management Console

Summary go package in nginx-controller open source library is used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-24532 DESCRIPTION: An unspecified error with return an incorrect result in the...

7.5CVSS6.7AI score0.04561EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/03 6:29 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in requests-2.32.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge contains a vulnerable version of requests-2.32.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties f...

5.3CVSS6.6AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/03 6:27 p.m.9 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jackson-core-2.10.3.jar

Summary IBM Watson Discovery Cartridge contains a vulnerable version of jackson-core-2.10.3.jar Vulnerability Details CVEID:CVE-2025-49128 DESCRIPTION: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in versio...

4CVSS6AI score0.00314EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/03 4:18 p.m.8 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server have been remediated. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limi...

7.5CVSS6.9AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/03 12:55 p.m.6 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a denial of service

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by a denial of service CVE-2025-36099 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

4.9CVSS6.2AI score0.00299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/03 9:38 a.m.3 views

Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application ManagerCVE-2025-36099 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

4.9CVSS6.1AI score0.00299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/03 8:49 a.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager(CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of...

8.1CVSS7.2AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/03 7:58 a.m.12 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed WebSphere Application Server traditional which is affected by a denial of service (CVE-2025-36099)

Summary The issue described in CVE-2025-36099 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details CVEID:CVE-2025-36099 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is...

4.9CVSS6.5AI score0.00299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/02 9:11 p.m.6 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2025-36099)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

4.9CVSS6.3AI score0.00299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/02 4:19 p.m.5 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by a potential denial of service attack due to Apache Thrift

Summary Apache Thrift is used by IBM Operations Analytics - Log Analysis as part of the Remote Procedure Call interface in Apache Solr. CVE-2020-13949 Vulnerability Details CVEID:CVE-2020-13949 DESCRIPTION: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which...

7.5CVSS6.5AI score0.06779EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/02 4:12 p.m.6 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-36099)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

4.9CVSS6.3AI score0.00299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/02 4:7 p.m.6 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Denial of Service attack due to CyberNeko HTML Parser

Summary Security Bulletin: CyberNeko HTML is used by IBM Operations Analytics - Log Analysis as document ingestion in Logstash CVE-2022-29546, CVE-2022-24839, CVE-2022-28366 Vulnerability Details CVEID:CVE-2022-29546 DESCRIPTION: HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of...

7.5CVSS6.4AI score0.02114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 8:28 p.m.8 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to Uncontrolled Resource Consumption due to Eclipse Jetty.

Summary Eclipse Jetty is used by IBM Sterling Connect:Direct for UNIX in upgrade management. IBM Sterling Connect:Direct for UNIX is impacted by vulnerability in Eclipse Jetty. Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2...

7.5CVSS6.6AI score0.00625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 8:21 p.m.3 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 8. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 8 to address the issues. Vulnerability...

8.1CVSS6.2AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 8:13 p.m.5 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable to several vulnerabilities due to IBM Java 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 17 to address the issues. Vulnerabilit...

8.6CVSS6.7AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 7:14 p.m.4 views

Security Bulletin: IBM Watson Studio on Cloud Pak for Data is vulnerable to a cross-site scripting vulnerability

Summary Watson Studio on Cloud Pak for Data is vulnerable to cross-site scripting within the Web UI CVE-2025-33116 Vulnerability Details CVEID:CVE-2025-33116 DESCRIPTION: IBM Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitra...

5.4CVSS5.5AI score0.00162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 6:44 p.m.9 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Remote Server, is affected by a denial of service (CVE-2025-36099)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

4.9CVSS6.3AI score0.00299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 5:19 p.m.4 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-36099)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

4.9CVSS6.3AI score0.00299EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 4:58 p.m.4 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by a denial of service due to JSON-P Java API

Summary JSON-P java api is used by IBM Operations Analytics - Log Analysis as part of converting plain Java objects to and from JSON data in WebSphere Application Server Liberty. CVE-2025-36097. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application Server 9.0 and...

7.5CVSS6.9AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 4:13 p.m.5 views

Security Bulletin: IBM Transformation Extender Advanced, also known as Standards Processing Engine, does not have strong passwords by default

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, does not require that users should have strong passwords by default. Vulnerability Details CVEID:CVE-2023-49883 DESCRIPTION: IBM Standards Processing Engine does not require that users should have strong...

7.5CVSS6.5AI score0.00255EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 4:12 p.m.3 views

Security Bulletin: IBM Transformation Extender Advanced is could allow user impersonation.

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, could allow an authenticated user to impersonate another user on the system. Vulnerability Details CVEID:CVE-2023-49881 DESCRIPTION: IBM Standards Processing Engine does not invalidate session after logou...

8.8CVSS6.3AI score0.00204EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 4:10 p.m.6 views

Security Bulletin: IBM Transformation Extender Advanced could allow a local user to perform unauthorized actions due to improper access controls.

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, could allow a local user to perform unauthorized actions due to improper access controls. Vulnerability Details CVEID:CVE-2023-50300 DESCRIPTION: IBM Standards Processing Engine could allow a local user t...

6.2CVSS6.1AI score0.00102EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 4:8 p.m.11 views

Security Bulletin: IBM Transformation Extender Advanced stores potentially sensitive information in log files that could be read by a local user.

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, stores potentially sensitive information in log files that could be read by a local user. Vulnerability Details CVEID:CVE-2023-50301 DESCRIPTION: IBM Standards Processing Engine stores potentially sensiti...

4.4CVSS5.9AI score0.00108EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 4:7 p.m.9 views

Security Bulletin: IBM Transformation Extender Advanced is affected by Angular dependencies

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to multiple Angular.js issues. Please upgrade to a patched version. Vulnerability Details CVEID:CVE-2019-14863 DESCRIPTION: There is a vulnerability in all angular versions before...

7.5CVSS6AI score0.02179EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 3:31 p.m.9 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.16 LTS and 12.16.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

8CVSS7.3AI score0.02303EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 3:29 p.m.4 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use MQ clients are vulnerable to password disclosure [CVE-2025-36100]

Summary The IBM MQ client code is available in the IBM App Connect Enterprise Certified Container image used by an IntegrationServer or IntegrationRuntime component. The client is vulnerable to a password disclosure vulnerability when MQ trace is enabled. This bulletin provides patch information ...

5.5CVSS6.4AI score0.00094EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 3:27 p.m.6 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to incorrect binary execution [CVE-2025-47906]

Summary IBM App Connect Enterprise Certified Container operator and operands contain Golang binaries that are vulnerable to incorrect binary exection. This bulletin provides patch information to address the reported vulnerability in Golang module os/exec. CVE-2025-47906 Vulnerability Details...

6.5CVSS6.7AI score0.00489EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 3:26 p.m.4 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition Version 8

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION:...

8.1CVSS6.2AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 3:25 p.m.5 views

Security Bulletin: due to the use of 10x UI, IBM Transformation Extender Advanced is vulnerable to unsafe deserialization in Java

Summary IBM Transformation Extender Advanced also known as IBM Standards Processing Engine has a vulnerability that could allow attackers to perform remote code execution. Please upgrade to one of the fixed versions in this bulletin. Vulnerability Details CVEID:CVE-2022-42441 DESCRIPTION: IBM...

8.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 3:20 p.m.8 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in Eclipse Jetty

Summary There is vulnerability in Eclipse Jetty used by Install Agent in IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 t...

7.5CVSS6.5AI score0.00625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 2:49 p.m.4 views

Security Bulletin: due to the use of Apache Commons IO, IBM Transformation Extender Advanced is vulnerable to excessive CPU consumption

Summary Apache Commons IO is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of .... CVE-2024-47554 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

4.3CVSS6.6AI score0.01249EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608