Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:31 a.m.6 views

Security Bulletin:IBM Event Streams is vulnerable to Regular Expression Denial of Service (ReDoS) ( CVE-2025-1302).

Summary IBM Event Streams is vulnerable to Regular Expression Denial of Service ReDoS caused by Inefficient Regular Expression Complexity. This issue affects JavaScript code that is compiled using certain versions of Babel . Babel is a JavaScript transcompiler used for converting modern JavaScrip...

9.8CVSS6.7AI score0.10701EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:30 a.m.4 views

Security Bulletin:IBM Event Streams is vulnerable to HTTP Parameter Pollution (HPP) attack (CVE-2025-7783).

Summary IBM Event Streams is vulnerable to an HTTP Parameter Pollution HPP attack due to the use of random values in the form-data module. This vulnerability affects how data from HTML forms is processed, particularly during form submission or when interacting with event listeners tied to form...

9.4CVSS6.6AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:23 a.m.6 views

Security Bulletin:urllib3 before 2.5.0 fails to properly enforce redirect controls in PoolManager and Pyodide environments, exposing apps to SSRF and open redirect risks

Summary urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application...

6.1CVSS6.6AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:23 a.m.4 views

Security Bulletin: Axios before 1.8.2 allows SSRF and credential leakage when using absolute URLs despite baseURL setting

Summary axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This...

8.7CVSS6.4AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:21 a.m.4 views

Security Bulletin: Axios exposes confidential XSRF-TOKEN in all requests via X-XSRF-TOKEN header

Summary An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTIO...

6.5CVSS6.3AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:21 a.m.5 views

Security Bulletin: Axios before 1.7.8 uses setAttribute('href') in isURLSameOrigin.js, raising potential security concern

Summary In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a...

9.8CVSS7.1AI score0.00356EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 7:17 a.m.1 views

Security Bulletin: urllib3 Proxy-Authorization header only applies with ProxyManager, not direct requests

Summary urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

6.5CVSS6.7AI score0.01141EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/27 2:35 p.m.12 views

Security Bulletin: Vulnerability in certifi, flask, idna, urllib3 and axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in certifi, flask, idna, urllib3 and axios. Vulnerabilities include allowing an attacker to cause a denial of service, obtain sensitive information and gain access to launch further attacks on the systems...

7.5CVSS7.7AI score0.01386EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/27 3:24 a.m.7 views

Security Bulletin: A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30).

Summary A vulnerability has been identified in OPUPI0 AMQP/MQTT All versions V5.30. Vulnerability Details CVEID:CVE-2024-31486 DESCRIPTION: A vulnerability has been identified in OPUPI0 AMQP/MQTT All versions V5.30. The affected devices stores MQTT client passwords without sufficient protection o...

6CVSS6.5AI score0.00497EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/27 3:16 a.m.4 views

Security Bulletin: Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.

Summary Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. Vulnerability Details CVEID:CVE-2024-4340 DESCRIPTION: Passing a heavily nested list to sqlparse.parse leads to a Denial of Service due to RecursionError. CWE:CWE-674: Uncontrolled Recursio...

7.5CVSS6.5AI score0.0321EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 10:34 p.m.3 views

Security Bulletin: IBM i is affected by a security configuration vulnerability in IBM WebSphere Application Server Liberty [CVE-2024-56339]

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to bypassing of security restrictions caused by failure to honor the security configuration CVE-2024-56339 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM...

7.5CVSS6.6AI score0.00373EPSS
Exploits0Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 9:21 p.m.4 views

Security Bulletin: Multiple vulnerabilities may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-5889, CVE-2025-7339)

Summary There are multiple vulnerabilities in brace-expansion and on-headers used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability...

3.4CVSS5.4AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 7:31 p.m.4 views

Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Linux Kernel. A local attacker could exploit this vulnerability to cause a denial of service Vulnerability Details IBM X-Force ID: 383938 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused ...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 7:29 p.m.12 views

Security Bulletin: Vulnerabilities in Marked, Minimatch and Logback might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Marked, Minimatch and Logback. Vulnerabilities include causing regular expression denial of service ReDoS, allows an attacker to mount a Denial-Of-Service attack by sending poisoned data, and allowing to execu...

7.5CVSS7.9AI score0.02828EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 6:33 p.m.10 views

Security Bulletin: Vulnerabilities in Bouncy Castle, Eclipse JGit and Node.js diff might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Bouncy Castle, Eclipse JGit and Node.js diff. Vulnerabilities include vulnerable to padding oracle attack, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistic...

7.5CVSS8.2AI score0.08878EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 6:33 p.m.9 views

Security Bulletin: Vulnerabilities in Jettison, Hawk and tim-newlines might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Jettison, Hawk and tim-newlines. Vulnerabilities include causing a denial of service attack, causing a Denial of Service DoS via crafted JSON data, allows attackers to cause a Denial of Service DoS via a craft...

7.5CVSS7.3AI score0.02901EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 6:32 p.m.18 views

Security Bulletin: Vulnerabilities in Netty-codec and Netty-handler might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Netty-codec and Netty-handler. Vulnerabilities include an incorrect validation of special crafted packet via SslHandler can lead to a native crash, the SniHandler can allocate up to 16MB of heap for each chann...

7.8CVSS6.7AI score0.99999EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 6:32 p.m.11 views

Security Bulletin: Vulnerabilities in Apache Tomcat and form-data might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Apache Tomcat and form-data. Vulnerabilities include a memory leak which result in a denial of service, possible for a specially crafted request to bypass some rewrite rules which could be bypassed security...

9.8CVSS6.8AI score0.66933EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 2:26 p.m.5 views

Security Bulletin: IBM i is affected by denial of service vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-36097, CVE-2025-36047, CVE-2025-48976]

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to a denial of service by sending a specially crafted request that causes the server to consume excessive memory resources CVE-2025-36097, CVE-2025-36047 and by allocation of resources for multipart headers with insufficient...

7.5CVSS6.9AI score0.63258EPSS
Exploits1Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 2:23 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera HTTP Gateway

Summary Multiple vulnerabilities were addressed in IBM Aspera HTTP Gateway version 2.3.2. Vulnerability Details CVEID:CVE-2025-36274 DESCRIPTION: IBM Aspera HTTP Gateway stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user. CWE:CWE-312...

7.5CVSS6.5AI score0.00856EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 11:5 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in llama_index-0.12.29-py3-none-any.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of llamaindex-0.12.29-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-1793 DESCRIPTION: Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabiliti...

9.8CVSS8AI score0.00581EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 11:5 a.m.8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonpath-plus-10.2.0.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonpath-plus-10.2.0.tgz Vulnerability Details CVEID:CVE-2025-1302 DESCRIPTION: Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacke...

9.8CVSS7.5AI score0.10701EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 11:4 a.m.16 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in h11-0.14.0-py3-none-any.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of h11-0.14.0-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-43859 DESCRIPTION: h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding...

9.1CVSS6.6AI score0.00522EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 8:27 a.m.4 views

Security Bulletin: IBM Lakehouse stores potentially sensitive information in log files that could be read by a local user, affects watsonx.data

Summary IBM Lakehouse stores potentially sensitive information in log files that could be read by a local user. This could affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36144 DESCRIPTION: IBM Lakehouse stores potentially sensitive information in log files that could be read by a local...

5.5CVSS6AI score0.00116EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 8:6 a.m.5 views

Security Bulletin: A vulnerability in Formidable (aka node-formidable) may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-46653)

Summary There is a vulnerability in Formidable aka node-formidable used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-46653 DESCRIPTION: Formidable aka...

3.1CVSS6.6AI score0.00357EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 8:4 a.m.11 views

Security Bulletin: A vulnerability in Apache Commons Lang may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-48924)

Summary There is a vulnerability in Apache Commons Lang used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability...

5.3CVSS6.3AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 10:17 p.m.11 views

Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2024-43192

Summary Certain HTML forms in the web GUI did not use anti-CSRF tokens, allowing attackers to trick authenticated users into performing unintended actions. The issue has been resolved by adding CSRF protection to the affected forms. Vulnerability Details CVEID:CVE-2024-43192 DESCRIPTION: IBM...

8.8CVSS6.5AI score0.00156EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 5:18 p.m.16 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.4 Vulnerability Details CVEID:CVE-2016-10228 DESCRIPTION: The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNO...

7.5CVSS8.6AI score0.51733EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 4:59 p.m.12 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2021-43784 DESCRIPTION: runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a...

7.5CVSS8.1AI score0.03389EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 4:50 p.m.16 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Console

Summary Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.7. Vulnerability Details CVEID:CVE-2022-44566 DESCRIPTION: A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter 7.0.4.1 and 6.1.7.1. When a value outside the range for a 64bit signed intege...

10CVSS7.9AI score0.07497EPSS
Exploits13Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 11:52 a.m.17 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

10CVSS7.8AI score0.99945EPSS
Exploits46Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 11:52 a.m.9 views

Security Bulletin: Vulnerability in FreeType affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in FreeType has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.1CVSS7.7AI score0.26049EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 11:52 a.m.6 views

Security Bulletin: Vulnerabilities in pbkdf2 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerabilities in pbkdf2 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

9.1CVSS6.7AI score0.00387EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 11:51 a.m.19 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerabilities in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

10CVSS8.1AI score0.99945EPSS
Exploits61Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 10:40 a.m.11 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to HTTP parameter pollution [CVE-2025-7783]

Summary Node.js module form-data is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to HTTP parameter pollution. This bulletin provides patch information to address the reported vulnerability in Node.js module form-dat...

9.4CVSS4.9AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 7:15 a.m.10 views

Security Bulletin: Due to the use of CKEditor, IBM Engineering Lifecycle Management - Jazz Foundation is affected by a Cross-Site scripting vulnerability

Summary Below vulnerability has been identified in CKEditor, which has been addressed by IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2023-4771 DESCRIPTION: A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15....

6.1CVSS6.2AI score0.00878EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 6:49 a.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-22874 DESCRIPTION: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected...

7.8CVSS6AI score0.00311EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/24 6:25 p.m.8 views

Security Bulletin: The IBM® Engineering Lifecycle Management - Jazz Foundation is impacted by Relative Path Traversal vulnerability.

Summary A vulnerability has been identified in IBM Engineering Lifecycle Management -Jazz Foundation, due to relative path traversal. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2025-25048 DESCRIPTION: IBM Jazz Foundation...

6.5CVSS6.6AI score0.00306EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/24 2:59 p.m.7 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of...

8.1CVSS6.6AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/24 2:59 p.m.5 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to...

8.1CVSS6.6AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/24 1:3 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754).

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 17, used by IBM Tivoli Network Manager IP Edition v4.2 core components. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

8.1CVSS7AI score0.00611EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/24 9:37 a.m.14 views

Security Bulletin: Vulnerabilities exists in IBM Netezza Performance Server Replication Services

Summary Vulnerabilities exists in IBM Netezza Performance Server Replication Services are addressed in 3.0.5.0 Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled ...

9.8CVSS7.5AI score0.08343EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/24 8:21 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses org.eclipse.core.runtime 3.10.0.v20140318-2214 which is vulnerable to CVE-2023-4218

Summary IBM Maximo Application Suite - Manage Component uses org.eclipse.core.runtime 3.10.0.v20140318-2214 which is vulnerable to CVE-2023-4218.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE...

5CVSS6.3AI score0.00386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/24 7:48 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to form-data-4.0.3.tgz CVE-2025-7783

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to form-data-4.0.3.tgz CVE-2025-7783. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in...

9.4CVSS6.9AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/24 6:52 a.m.2 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-30749, CVE-2025-30754, CVE-2025-30761, CVE-2025-50059 and CVE-2025-50106)

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 17 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability ...

8.6CVSS6.6AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/24 3:18 a.m.7 views

Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Configuration Manager IP Edition (ITNCM) version 6.4.2 Fix Pack 23 (6.4.2.23)

Summary Multiple vulnerabilities were addressed in ITNCM version 6.4.2 Fix Pack 23 6.4.2.23 Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to...

8.1CVSS8.4AI score0.02164EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 10:8 p.m.7 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Cloudkit are now included (CVE-2025-30204)

Summary The following vulnerabilities that can affect IBM Storage Scale and the Cloudkit and could provide weaker than expected security are now fixed CVE-2025-30204. Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version...

7.5CVSS6.5AI score0.00693EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 9:35 p.m.6 views

Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in libxml2

Summary IBM Watsonx BI is affected by a vulnerability found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of...

9.1CVSS6.8AI score0.01437EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 9:33 p.m.7 views

Security Bulletin: IBM Watsonx BI is affected by use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP).

Summary Watsonx BI use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in...

9.4CVSS6.5AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 9:2 p.m.9 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2025.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF006, 24.0.1-IF004 and 25.0.0-IF001. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random...

9.4CVSS6.6AI score0.01735EPSS
Exploits2Affected Software2
Total number of security vulnerabilities35608