Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 8:54 p.m.9 views

Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2025-36088

Summary The web GUI did not sufficiently sanitize user input in certain dialogs, allowing HTML or JavaScript to be stored and later displayed to other users. Malicious code would only execute if a user opened the affected event entry. The issue has been resolved by adding proper input sanitizatio...

5.4CVSS6AI score0.00166EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 8:53 p.m.12 views

Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2021-23450

Summary The tape library web GUI used an outdated version of the JavaScript library dojo.js containing a prototype pollution vulnerability. This could potentially be leveraged to facilitate XSS attacks in the browser, or, if executed server-side, to enable remote code execution. The issue has bee...

9.8CVSS7.6AI score0.30367EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 4:37 p.m.6 views

Security Bulletin: Multiple vulnerabilities affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Java Runtime Environments and IBM Semeru Runtimes are used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have been updated in order to address the multip...

8.1CVSS6.4AI score0.01058EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 4:30 p.m.3 views

Security Bulletin: Multiple vulnerabilities affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary Java Runtime Environments and IBM Semeru Runtimes are used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have been updated in order to address the multip...

8.6CVSS6.8AI score0.01058EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 12:45 p.m.7 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses pyjwt v2.10.1 library which is vulnerable to CVE-2025-45768

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses pyjwt v2.10.1 library which is vulnerable to CVE-2025-45768. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-45768 DESCRIPTION: pyjwt v2.10.1 was...

7CVSS6.8AI score0.0016EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 12:42 p.m.4 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses vulnerable huggingface/transformers library. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-1194 DESCRIPTION: A Regular Expression Denial of...

6.5CVSS6.2AI score0.00384EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 8:59 a.m.9 views

Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Match 360 On Cloud Pak for Data

Summary Lineage, an internal component of IBM Knowledge Catalog, and the IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have now addressed. Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Jav...

8.6CVSS7AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 7:26 a.m.5 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses PyTorch which is vulnerable to CVE-2025-4287. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-4287 DESCRIPTION: A vulnerability was found in PyTor...

4.8CVSS3.2AI score0.00154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 7:25 a.m.8 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Starlette framework which is vulnerable to CVE-2025-54121.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Starlette framework which is vulnerable to CVE-2025-54121. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a...

5.3CVSS7.1AI score0.0053EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 7:25 a.m.12 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbu...

5.8CVSS7AI score0.00806EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 7:24 a.m.3 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang which is vulnerable to CVE-2025-48924

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Apache Commons Lang. which is vulnerable to CVE-2025-48924. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled...

5.3CVSS7.5AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 7:23 a.m.5 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

5.3CVSS6.2AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/23 7:22 a.m.7 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses AIOHTTP asynchronous Python parser which is vulnerable to CVE-2025-53643.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses AIOHTTP asynchronous Python parser which is vulnerable to CVE-2025-53643. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-53643 DESCRIPTION: AIOHT...

7.5CVSS7.2AI score0.00297EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 4:56 p.m.3 views

Security Bulletin: IBM Sterling Connect:Express for Microsoft Windows is vulnerable to brute force password guessing attacks (CVE-2025-36064)

Summary There is a vulnerability related to brute force password guessing attacks in IBM Sterling Connect:Express for Microsoft Windows. IBM Sterling Connect:Express for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36064 DESCRIPTION: IBM Sterling...

5.9CVSS6.6AI score0.00475EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 2:13 p.m.6 views

Security Bulletin: IBM Master Data Management is vulnerable to arbitrary code execution from vulnerability in WebSphere Application Server (CVE-2025-36038)

Summary IBM Master Data Management is vulnerable to arbitrary code execution by a vulnerability found in IBM WebSphere Application Server. IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of...

9.8CVSS8.1AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:20 p.m.8 views

Security Bulletin: Vulnerability in DataBinder affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in DataBinde has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

5.3CVSS6.5AI score0.05666EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:19 p.m.11 views

Security Bulletin: Vulnerability in Multer affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Multer has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

7.5CVSS6.7AI score0.00644EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:19 p.m.4 views

Security Bulletin: Vulnerability in setuptools affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in setuptool has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.8CVSS8AI score0.01479EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:19 p.m.3 views

Security Bulletin: Vulnerability in Multer affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Multer has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

7.5CVSS7.1AI score0.00697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:19 p.m.6 views

Security Bulletin: Vulnerability in http-proxy-middleware affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerabilities in http-proxy-middleware has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...

5.3CVSS6.7AI score0.00414EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:19 p.m.5 views

Security Bulletin: Vulnerability in DOMPurify affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in DOMPurify has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

7.5CVSS6.4AI score0.00394EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:18 p.m.10 views

Security Bulletin: Vulnerability in Vega affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Vega has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

5.3CVSS6.6AI score0.00477EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:18 p.m.6 views

Security Bulletin: Vulnerability in tar-fs package affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in tar-fs has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

7.5CVSS6.4AI score0.02186EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:18 p.m.7 views

Security Bulletin: Vulnerability in JSON affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in JSON has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

7.5CVSS6.5AI score0.00665EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:18 p.m.2 views

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Eclipse Jetty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

7.2CVSS6.8AI score0.00432EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:18 p.m.11 views

Security Bulletin: Vulnerability in Babel affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Babel has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

6.2CVSS6.7AI score0.00478EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:18 p.m.6 views

Security Bulletin: Vulnerability in BIND affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerabilities in BIND has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

7.5CVSS6.4AI score0.02114EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 1:17 p.m.13 views

Security Bulletin: Vulnerability in WebFlux.fn affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in WebFlux.fn has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

7.5CVSS6.6AI score0.14718EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 12:7 p.m.6 views

Security Bulletin: IBM webMethods Integration Sever is affected by vulnerable lucene-suggest-8.9.0.jar

Summary IBM webMethods Integration Sever is affected by vulnerable lucene-suggest-8.9.0.jar. CWE-400 Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this...

6.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 11:37 a.m.5 views

Security Bulletin: IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML

Summary IBM webMethods Integration Sever is affected by remote code execution via pub.xslt.transformSerialXML. CVE-2025-36202 Vulnerability Details CVEID:CVE-2025-36202 DESCRIPTION: IBM webMethods Integration could allow an authenticated user with required execute Services to execute commands on...

8.8CVSS8.1AI score0.00316EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 11:8 a.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms

Summary Multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in July 2025 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle...

8.1CVSS6.4AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/22 8:41 a.m.12 views

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang...

7.5CVSS5.8AI score0.64718EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:38 a.m.12 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in transformers-4.48.3-py3-none-any.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of transformers-4.48.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-2099 DESCRIPTION: A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48...

7.5CVSS6.9AI score0.00507EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:38 a.m.10 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in transformers-4.48.3-py3-none-any.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of transformers-4.48.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-1194 DESCRIPTION: A Regular Expression Denial of Service ReDoS vulnerability was identified in the huggingface/transformers library, specifically in...

6.5CVSS6.4AI score0.00384EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:38 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of torch-2.6.0-cp313-cp313-manylinux1x8664.whl Vulnerability Details CVEID:CVE-2025-3000 DESCRIPTION: A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The...

7.5CVSS5.4AI score0.004EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:36 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in request-2.88.2.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of request-2.88.2.tgz Vulnerability Details CVEID:CVE-2023-28155 DESCRIPTION: The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol...

6.1CVSS6.6AI score0.00719EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:35 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in protobuf-5.29.3-cp310-abi3-win32.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of protobuf-5.29.3-cp310-abi3-win32.whl Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of...

8.2CVSS6.7AI score0.00281EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:35 a.m.12 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of torch-2.6.0-cp313-cp313-manylinux1x8664.whl Vulnerability Details CVEID:CVE-2025-4287 DESCRIPTION: A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function...

4.8CVSS5.4AI score0.00154EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:33 a.m.7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in postgresql-42.7.6.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of postgresql-42.7.6.jar Vulnerability Details CVEID:CVE-2025-49146 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel bindin...

8.2CVSS6.5AI score0.00461EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:27 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in nimbus-jose-jwt-9.24.4.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of nimbus-jose-jwt-9.24.4.jar Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header valu...

7.5CVSS6.5AI score0.00814EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:27 a.m.18 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in multer-1.4.5-lts.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of multer-1.4.5-lts.1.tgz Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory lea...

7.5CVSS7.1AI score0.00697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:27 a.m.26 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in multer-1.4.5-lts.1.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of multer-1.4.5-lts.1.tgz Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to...

8.7CVSS6.7AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:26 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jinja2-3.1.5-py3-none-any.whl

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of jinja2-3.1.5-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr...

8.8CVSS7.1AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:21 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in golang.org/x/net-v0.25.0

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of golang.org/x/net-v0.25.0 Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely...

5.3CVSS6.5AI score0.00856EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:17 a.m.4 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in golang.org/x/crypto-v0.33.0

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of golang.org/x/crypto-v0.33.0 Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key...

7.5CVSS6.5AI score0.00868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 11:16 a.m.6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in dompurify-3.2.4.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of dompurify-3.2.4.tgz Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE:...

7.5CVSS6.3AI score0.00394EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 12:57 a.m.5 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec (CVE-2025-58056, CVE-2025-55163, CVE-2025-58057).

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec CVE-2025-58056, CVE-2025-55163, CVE-2025-58057. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network...

8.2CVSS6.6AI score0.00979EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/20 12:54 a.m.18 views

Security Bulletin: IBM SPSS Analytic Server is affected by a Denial of Service (DoS) vulnerability in Apache Commons FileUpload.

Summary IBM SPSS Analytic Server is affected by a Denial of Service DoS vulnerability in Apache Commons FileUpload. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits...

7.5CVSS6.7AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/19 6:17 p.m.7 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in Woodstox

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in Woodstox CVE-2022-40151, CVE-2022-40155, CVE-2022-40153, CVE-2022-40152, CVE-2022-40154, CVE-2022-40156. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2022-40151...

7.5CVSS6.5AI score0.19653EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/19 5:33 p.m.8 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-56339, CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-36097, CVE-2025-48976)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-56339,CVE-2025-36047, CVE-2025-36124, CVE-2025-36000, CVE-2025-36097, CVE-2025-48976. This has been addressed in the remediation section. Vulnerability Details...

7.5CVSS6.8AI score0.64718EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608