Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 2:2 p.m.9 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to multiple vulnerabilities due to the Bouncy Castle package

Summary Bouncy Castle is used by DataStage on Cloud Pak for Data as part of cryptography functionality. Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73....

7.5CVSS6.7AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 1:24 p.m.7 views

Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent

Summary Vulnerabilities in IBM SDK Java Technology Edition that is shipped as part of agent framework in ITCAM for Applications WebSphere MQ Monitoring Agent. CVEs: CVE-2025-50106, CVE-2025-30749. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle...

8.1CVSS6.7AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 9:12 p.m.10 views

Security Bulletin: Vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Cloud Gateway Server, Bouncy Castle, Reactor Netty HTTP Server, NPM and Apache Commons. Vulnerabilities include forwarded headers from untrusted proxies, opening up a possibility of DNS poisoning,...

8.8CVSS7.7AI score0.01495EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 7:9 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary There are vulnerabilities in Open Source Software OSS components consumed by IBM Planning Analytics. Additionally, IBM Planning Analytics is vulnerable to Cross-site scripting. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics...

9.4CVSS5.2AI score0.01735EPSS
Exploits4Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 5:17 p.m.6 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for September 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF005. These vulnerabilities have been also addressed in 25.0.0-IF001 and 24.0.0-IF004. Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling...

8.7CVSS6.4AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 4:56 p.m.21 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.11.0 Vulnerability Details CVEID:CVE-2025-30749 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported...

8.1CVSS9.4AI score0.01058EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 4:36 p.m.8 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to execution of arbitrary commands (CVE-2025-36245)

Summary A vulnerability that allows execution of arbitrary commands was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2025-36245 DESCRIPTION: IBM InfoSphere Information Server could allow an authenticated user to execute arbitrary commands with elevated privilege...

8.8CVSS7.3AI score0.00417EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 3:44 p.m.5 views

Security Bulletin: IBM App Connect Enterprise Toolkit is vulnerable to Improper Verification of Cryptographic Signature due to EdDSA (CVE-2020-36843)

Summary IBM App Connect Enterprise Toolkit is vulnerable to Improper Verification of Cryptographic Signature due to EdDSA. Vulnerability Details CVEID:CVE-2020-36843 DESCRIPTION: The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not...

4.3CVSS6.5AI score0.00133EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 3:23 p.m.5 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') due to Node.js ( CVE-2025-27210 )

Summary IBM App Connect Enterprise is vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' due to Node.js . Vulnerability Details CVEID:CVE-2025-27210 DESCRIPTION: An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting...

7.5CVSS6.5AI score0.09752EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 3:14 p.m.4 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Allocation of Resources Without Limits or Throttling due to Node.js module axios (CVE-2025-58754)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise runtime are vulnerable to Allocation of Resources Without Limits or Throttling due to Node.js module axios. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTT...

7.5CVSS6.5AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 1:23 p.m.13 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF005 (September 2025)

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF005. Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens...

8.8CVSS8.1AI score0.01495EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 1:14 p.m.9 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to helm ( CVE-2025-32386, CVE-2025-32387 )

Summary Helm is used by IBM Cloud Pak for Data to build binaries in cpd-cli. Vulnerability Details CVEID:CVE-2025-32386 DESCRIPTION: Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g.,...

6.5CVSS6.7AI score0.00407EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 11:48 a.m.15 views

Security Bulletin: IBM webMethods Integration is affected by vulnerable swagger-ui library

Summary IBM webMethods Integration - Designer Service Development is affected by vulnerable swagger-ui library. CVE-2018-25031/CWE-20 Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a...

4.3CVSS6.5AI score0.42326EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 11:31 a.m.7 views

Security Bulletin: Due to use of Apache Derby, IBM Operations Analytics - Log Analysis is affected by Improperly Controlled Modification

Summary Package jszip is used by IBM Operations Analytics - Log Analysis as compression in web interface for Apache Derby. CVE-2021-23413. Vulnerability Details CVEID:CVE-2021-23413 DESCRIPTION: This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object...

5.3CVSS6.5AI score0.03307EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 10:47 a.m.21 views

Security Bulletin: due to the use of Apache Tomcat, IBM webMethods developer portal is affected by Multiple Vulnerabilities

Summary Multiple vulnerabilities in ApacheTomcat have been addressed in IBM webMethods developer portal Vulnerability Details CVEID:CVE-2023-46589 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from...

10CVSS7.5AI score0.99945EPSS
Exploits50Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 10:43 a.m.6 views

Security Bulletin: Due to use of Apache Kafka, IBM Operations Analytics - Log Analysis is vulnerable to RCE/Denial of Service attack.

Summary Apache Kafka is used by IBM Operations Analytics - Log Analysis as part of Logstash data distribution capabilities. CVE-2025-27819. Vulnerability Details CVEID:CVE-2025-27819 DESCRIPTION: In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule...

8.8CVSS6.5AI score0.95302EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 8:36 a.m.10 views

Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary DS8900F and DS8A00 updates have been released to remediate vulnerabilities in libexpat, libxml2, libsoup and krb5 libraries. Review the Vulnerability Details section below for additional information. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack overflow vulnerability...

9.8CVSS8.1AI score0.26049EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 7:28 a.m.12 views

Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to Spring Web Unsafe Deserialization [CVE-2016-1000027]

Summary There is a vulnerability called potential remote code execution RCE in the Spring Web open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. CVE-2016-1000027 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring...

9.8CVSS8.1AI score0.32257EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 11:50 p.m.8 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the Spring framework (CVE-2025-41234)

Summary A vulnerability in the Spring framework that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-41234 DESCRIPTION: Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflect...

6.5CVSS6.6AI score0.00533EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 10:36 p.m.5 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons FileUpload (CVE-2025-48976)

Summary A vulnerability in Apache Commons FileUpload that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

7.5CVSS6.5AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 10:31 p.m.5 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the urllib3 library.

Summary Multiple vulnerabilities in the urllib3 library that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all...

6.1CVSS6.4AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 10:25 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the Apache Kafka Client.

Summary Multiple vulnerabilities in the Apache Kafka Client that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the...

8.8CVSS6.7AI score0.62368EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 10:21 p.m.3 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the Requests HTTP library (CVE-2024-47081)

Summary A vulnerability in the Requests HTTP library that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to...

5.3CVSS6.5AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 10:15 p.m.5 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache XML Graphics FOP (CVE-2024-28168)

Summary A vulnerability in Apache XML Graphics FOP that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-28168 DESCRIPTION: Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apac...

7.5CVSS6.6AI score0.01003EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 10:5 p.m.10 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache XML Security for Java.

Summary Multiple vulnerabilities in Apache XML Security for Java that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-20945 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a local authenticated attacker...

6.5CVSS6.1AI score0.01212EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 9:54 p.m.10 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons (CVE-2025-48734)

Summary A vulnerability in Apache Commons that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used...

8.8CVSS7.1AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 9:45 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the setuptools package (CVE-2025-47273)

Summary A vulnerability in the setuptools package that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversa...

8.8CVSS7.9AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 9:18 p.m.8 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the Spring framework (CVE-2025-22233)

Summary A vulnerability in the Spring framework that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for reques...

5.3CVSS6.4AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 9:11 p.m.5 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Eclipse Jetty (CVE-2025-5115)

Summary A vulnerability in Eclipse Jetty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-5115 DESCRIPTION: In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send...

7.7CVSS6.4AI score0.01567EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 9:4 p.m.4 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Wink (CVE-2010-2245)

Summary A vulnerability in Apache Wink that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2010-2245 DESCRIPTION: XML External Entity XXE vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial o...

7.4CVSS6.6AI score0.1162EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 8:55 p.m.4 views

Security Bulletin: IBM InfoSphere Information Server is affected by an improper input validation vulnerability in Apache POI (CVE-2025-31672)

Summary An improper input validation vulnerability in Apache POI that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xls...

5.3CVSS6.3AI score0.01237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 8:44 p.m.3 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Netty (CVE-2025-25193)

Summary A vulnerability in Netty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsaf...

5.5CVSS6.2AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 8:30 p.m.43 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in VMware Tanzu Spring Framework

Summary Multiple vulnerabilities in VMware Tanzu Spring Framework that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerabl...

7.5CVSS7AI score0.54862EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 6:42 p.m.13 views

Security Bulletin: Vulnerabilities in Angular might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Angular. Vulnerabilities include a large carefully-crafted input, which can result in catastrophic backtracking and Cross-site Scripting XSS due to insecure page caching in the Internet Explorer browser as...

7.5CVSS7.9AI score0.05276EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 4:6 p.m.18 views

Security Bulletin: Buffer overflow, uncontrolled recursion, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to buffer overflow, uncontrolled recursion, and other. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-7969 DESCRIPTION: Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site...

9.8CVSS8AI score0.02164EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 3:58 p.m.5 views

Security Bulletin: IBM WebSphere Application Server is affected by a denial of service (CVE-2025-36099)

Summary IBM WebSphere Application Server is affected by a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-36099 DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, caused by sending a specially-crafted request. A privileged user could exploit...

4.9CVSS6.7AI score0.00299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 3:52 p.m.13 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service attacks due to http2 ( CVE-2023-44487 )

Summary Potential vulnerabilities in http2 package CVE-2023-44487 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset...

7.5CVSS7AI score0.99999EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 3:38 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Improper Restriction of XML External Entity Reference due to Eclipse JGit (CVE-2025-4949)

Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Improper Restriction of XML External Entity Reference due to Eclipse JGit. Vulnerability Details CVEID:CVE-2025-4949 DESCRIPTION: In Eclipse JGit versions 7.2.0.202503040940-r and older, the...

6.8CVSS6.8AI score0.0104EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 3:31 p.m.8 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime ( CVE-2025-50059, CVE-2025-30761 & CVE-2025-30754 )

Summary IBM App Connect Enterprise is vulnerable to Improper Access Control and Deserialization of Untrusted Data due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ...

8.6CVSS6AI score0.00551EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 3:24 p.m.5 views

Security Bulletin: Security vulnerability in IBM Business Automation Manager Open Editions in axios library.

Summary Vulnerable axios library was addressed updated in IBM Business Automation Manager Open Editions 9.3.0. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.11.0 runs on Node.js and is given ...

7.5CVSS6.5AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 3:23 p.m.7 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.

Summary Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions 9.3.0. Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue...

7.5CVSS6.9AI score0.03389EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 11:41 a.m.12 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2025-5187)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that may allow node users to delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. CVE-2025-5187. Vulnerability Details CVEID:...

6.7CVSS6.6AI score0.00434EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 10:29 a.m.12 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2025-33142)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

7.5CVSS6.4AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 9:45 a.m.6 views

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-36352 DESCRIPTION: IBM License Metric Tool is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

6.4CVSS6.3AI score0.00222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:45 a.m.4 views

Security Bulletin: Requests before 2.32.4 may leak .netrc credentials via malicious URLs due to a URL parsing flaw

Summary Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can...

5.3CVSS6.8AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:39 a.m.8 views

Security Bulletin:IBM Event Endpoint Management is vulnerable to Sensitive Information Leakage and Request Smuggling (CVE-2025-4673,CVE-2025-22871)

Summary Operator of IBM Event Endpoint Management is vulnerable to Sensitive Information Leakage and Request Smuggling due to apache HTTP pomponents. IBM Event Endpoint Management uses HTTP components to expose secure event APIs via its Event Gateway, enabling client applications to interact with...

9.1CVSS6.6AI score0.00724EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:33 a.m.4 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to Remote Code Execution and Server-Side Request Forgery attacks (CVE-2025-27818,CVE-2025-27817)

Summary Operator of IBM Event Endpoint Management is vulnerable to remote code execution and server-side request forgery due to unsafe deserialization and misconfigured OAuthBearer endpoints in SASL JAAS configuration. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security...

8.8CVSS7.9AI score0.62368EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:32 a.m.3 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783)

Summary Operator of IBM Event Endpoint Management is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event...

9.4CVSS6.6AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:32 a.m.4 views

Security Bulletin: IBM Event Processing is vulnerable due to Incorrect Default Permissions (CVE-2025-30706)

Summary IBM Event Processing is vulnerable due to incorrect default permissions in the MySQL Connectors product specifically, Connector/J. This connector is used in IBM Event Processing to enable Java-based components to interact with MySQL databases for storing and retrieving event-related data...

7.5CVSS6.2AI score0.00552EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:31 a.m.6 views

Security Bulletin: IBM Event Processing is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783).

Summary IBM Event Processing is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event listeners tied to form...

9.4CVSS6.6AI score0.01735EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608