Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/09/19 3:46 p.m.6 views

Security Bulletin: TOCTOU Race Condition in gosnowflake Logging Configuration Allows Local Privilege Misuse (Fixed in 1.13.3), affects watsonx.data

Summary gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On...

7CVSS6.4AI score0.00111EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/18 4:37 p.m.4 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (July 2025)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

6.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/18 2:54 p.m.5 views

Security Bulletin: Stored Cross-Site Scripting (XSS) Vulnerability in IBM Lakehouse Web UI Enables Privileged Code Injection, affects watsonx.data

Summary IBM Lakehouse is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. This can affect...

5.5CVSS6.1AI score0.00173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/18 2:54 p.m.4 views

Security Bulletin: Buffer Over-read in PostgreSQL GB18030 Encoding Validation Leading to Potential DoS , affects watsonx.data

Summary Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9,...

5.9CVSS5.9AI score0.00612EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/18 2:53 p.m.4 views

Security Bulletin: Sensitive Information Disclosure in IBM Lakehouse Through Stack Traces , affects watsonx.data

Summary IBM Lakehouse could potentially reveal sensitive information from stack traces that could be read by a local privileged user. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36146 DESCRIPTION: IBM Lakehouse could potentially reveal sensitive information from stack trace...

4.3CVSS5.9AI score0.00214EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/18 2:51 p.m.8 views

Security Bulletin: Information Disclosure in IBM Lakehouse Allows Authenticated Users to Obtain Server Component Version Details , affects watsonx.data

Summary IBM Lakehouse could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36181 DESCRIPTION: IBM Lakehouse could allow an authenticated...

6.1AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/18 2:19 p.m.7 views

Security Bulletin: IBM Lakehouse Command Injection via Insufficient Input Sanitization , affects watsonx.data

Summary IBM Lakehouse could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36143 DESCRIPTION: IBM Lakehouse could allow an authenticated...

7.2CVSS7.3AI score0.00315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/18 7:50 a.m.12 views

Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.304 Vulnerability Details CVEID:CVE-2025-8194 DESCRIPTION: There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration...

7.8CVSS7AI score0.02164EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 7:31 p.m.11 views

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty affects IBM Enterprise Application Service for Java

Summary IBM Enterprise Application Service for Java is affected by multiple vulnerabilities found in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in...

7.5CVSS7.1AI score0.63258EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 5:39 p.m.5 views

Security Bulletin: IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers

Summary IBM Watsonx BI is affected by use of on-headers in node.js middleware used for listening when a response writes headers. It has a bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead Vulnerability Detail...

3.4CVSS8.9AI score0.00174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 5:35 p.m.10 views

Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic

Summary IBM Watsonx BI is affected by a vulnerability found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression...

6.9CVSS6.4AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 5:31 p.m.4 views

Security Bulletin: IBM Watsonx BI is affected by use of jose v6.0.10 and was discovered to contain weak encryption

Summary IBM Watsonx BI is affected by use of jose v6.0.10 where the library uses a weak encryption algorithm, allowing an attacker to decrypt sensitive data Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a...

7CVSS7.1AI score0.00145EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 5:29 p.m.7 views

Security Bulletin: Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution (HPP)

Summary Watsonx BI is affected by the use of Insufficiently Random Values causing a vulnerability in form-data allowing HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. Vulnerability Details CVEID:CVE-2025-25724 DESCRIPTION: listitemverbose in...

7.8CVSS7.1AI score0.00329EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 5:23 p.m.3 views

Security Bulletin: IBM Watsonx BI is affected by a vulnerability in Multer node.js middleware for handling multipart/form-data

Summary Watsonx BI is affected by a vulnerability in Multer node.js middleware for handling multipart/form-data. This is starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service DoS by sending a malformed multi-part upload request. Vulnerability...

7.5CVSS6.9AI score0.00644EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 5:19 p.m.8 views

Security Bulletin: IBM Watsonx BI is affected by a vulnerability found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic.

Summary Watsonx BI has a vulnerability found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity...

7.5CVSS6.3AI score0.007EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 1:40 p.m.23 views

Security Bulletin: IBM Observability with Instana (OnPrem) has addressed multiple vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.303 Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure...

9.1CVSS7.9AI score0.70561EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 10:47 a.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions Response Time CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM fo...

8.1CVSS6.1AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/17 10:41 a.m.18 views

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)

Summary IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions Response Time CVE-2025-21587, CVE-2025-30698, CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL...

7.8CVSS6.6AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 11:56 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server Pattern shipped with IBM Cloud Pak System

Summary IBM Cloud Pak System WebSphere Application Server Pattern WAS pType is vulnerable to multiple vulnerabilities in IBM SDK. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker...

5.3CVSS5.6AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 7:29 p.m.8 views

Security Bulletin: IBM Rational Developer for i is affected by an HTTP Parameter Pollution vulnerability in form-data (CVE-2025-7783)

Summary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP in the Code Coverage functionality within IBM Rational Developer for i. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...

9.4CVSS6.7AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 5:56 p.m.8 views

Security Bulletin: SSPSS Collaboration and Deployment Services is affected by multiple vulnerabilities (CVE-2025-8916, CVE-2025-8885, CVE-2025-48976)

Summary SSPSS Collaboration and Deployment Services is affected by multiple vulnerabilities CVE-2025-8916, CVE-2025-8885, CVE-2025-48976. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling...

7.5CVSS6.8AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 3:6 p.m.6 views

Security Bulletin: AIX/VIOS is vulnerable to a race condition in directory handling due to Perl (CVE-2025-40909)

Summary Vulnerability in Perl could allow a local attacker to load code or access files from unexpected locations CVE-2025-40909. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2025-40909 DESCRIPTION: Perl threads have a working directory race condition wher...

5.9CVSS6.4AI score0.00368EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 2:27 p.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-5889]

Summary Node.js module brace-expansion is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js module...

3.1CVSS5.4AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 12:29 p.m.5 views

Security Bulletin: IBM ICCSAP cross site scripting vulnerablity fix.

Summary Vulnerability were disclosed part of Cross Site Scripting With PDF Vulnerability Details CVEID:CVE-2024-4367 DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126,...

8.8CVSS7.8AI score0.72648EPSS
Exploits15Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 11:52 a.m.3 views

Security Bulletin: WebSphere Application Server bundled with IBM Tivoli Composite Application Manager for Application Diagnostics is affected by a remote attacker to bypass security restrictions

Summary WebSphere Application Server is included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. CVE-2024-56339 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

7.5CVSS6.6AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 10:13 a.m.30 views

Security Bulletin: IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493.

Summary IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

8.2CVSS6.7AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 9:57 a.m.12 views

Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.302 Vulnerability Details CVEID:CVE-2025-0913 DESCRIPTION: os.OpenFilepath, os.OCREATE|OEXCL behaved differently on Unix and Windows systems when the target path was a...

9.1CVSS6.7AI score0.73495EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 4:54 a.m.15 views

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition could provide weaker than expected security for TLS connections

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, could provide weaker than expected security for TLS connections. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...

6.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/16 4:47 a.m.7 views

Security Bulletin: IBM App Connect Enterprise Toolkit and Intregation Bus for z/OS Toolkit are vulnerable to an Origin Validation Error due to Paho Java Client ( CVE-2019-11777 )

Summary IBM App Connect Enterprise Toolkit and Intregation Bus for z/OS Toolkit are vulnerable to an Origin Validation Error due to Paho Java Client. Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server...

7.5CVSS6.5AI score0.00827EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 6:24 p.m.12 views

Security Bulletin: Vulnerability in HMC affects improper neutralization of input during web page generation ('Cross-site Scripting') (CVE-2025-36125) on Power HMC.

Summary Vulnerability in HMC affects improper neutralization of input during web page generation 'Cross-site Scripting' on Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-36125 DESCRIPTION: IBM Hardware Management Console - Power i...

6.4CVSS5.9AI score0.00201EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 4:27 p.m.9 views

Security Bulletin: IBM OpenPages Application API Response Caching Header Update

Summary Some IBM OpenPages API responses currently use the caching directive Cache-Control: max-age=0 instead of the more secure Cache-Control: no-store. While max-age=0 means the content is immediately stale, it may still be stored temporarily in browsers or intermediary caches. For sensitive...

4CVSS6.4AI score0.0012EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 3:56 p.m.5 views

Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2025 - Includes OpenJDK April 2025 CPU plus two additional CVEs

Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Apr 2025 - Includes OpenJDK April 2025 CPU with CVEs CVE-2025-21587, CVE-2025-30698, CVE-2025-2900, and CVE-2025-4447 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

7.8CVSS6.6AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 3:52 p.m.2 views

Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU plus two additional CVEs

Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2024 - Includes OpenJDK July 2024 CPU with CVEs CVE-2024-21217, CVE-2024-21208, CVE-2024-10917, CVE-2024-9143 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.3CVSS6.7AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 3:50 p.m.5 views

Security Bulletin: IBM OpenPages fixes multer package vulnerability

Summary Vulnerability in the multer-1.4.5-lts.1.tgz package with IBM OpenPages has been addressed in the latest IBM OpenPages fix pack version for 9.0 and mod version for 9.1 Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data...

7.5CVSS7.1AI score0.00697EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 2:46 p.m.6 views

Security Bulletin: IBM watsonx Code Assistant On Prem product affected by h11 HTTP Chunk Handling Vulnerability

Summary A vulnerability CVE-2025-43859 has been identified in the h11 Python library, which impacts the IBM watsonx Code Assistant On-Premises product. This bulletin outlines the necessary steps to address and remediate the vulnerability. Vulnerability Details CVEID:CVE-2025-43859 DESCRIPTION: h1...

9.1CVSS7AI score0.00522EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 1:42 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager ( CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

8.1CVSS6.7AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 1:10 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security vulnerability ha...

8.8CVSS6.8AI score0.62368EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 7:56 a.m.2 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses crypto/x509 which is vulnerable to this CVE-2025-22874

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses crypto/x509 which is vulnerable to this CVE-2025-22874 Vulnerability Details CVEID:CVE-2025-22874 DESCRIPTION: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally...

7.5CVSS6.7AI score0.00311EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/15 7:4 a.m.7 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF001 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be us...

9.8CVSS7.3AI score0.0124EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 10:12 p.m.9 views

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product ...

4.8CVSS5.3AI score0.00381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 9:17 p.m.6 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

5.3CVSS6.6AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 9:16 p.m.2 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

5.3CVSS6.6AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 9:14 p.m.8 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

5.3CVSS6.6AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 8:46 p.m.3 views

Security Bulletin: A vulnerability in IBM Java SDK (July 2025) affects IBM InfoSphere Information Server (CVE-2025-30754)

Summary There is a vulnerability in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. The issue was disclosed as part of the IBM Java SDK updates in July 2025. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Jav...

4.8CVSS5.2AI score0.00381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 5:11 p.m.8 views

Security Bulletin: This Power System update is being released to address CVE-2025-36035

Summary The PowerVM hypervisor is vulnerable to a carefully crafted IBMi hypervisor call that can crash system or make a limited amount of system memory available Vulnerability Details CVEID:CVE-2025-36035 DESCRIPTION: The PowerVM hypervisor could allow a local privileged user to cause a denial o...

6.7CVSS6.2AI score0.00123EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 4:53 p.m.17 views

Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities.

Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. CVE-2025-21587, CVE-2025-30698, CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE...

7.8CVSS6.7AI score0.00688EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 3:32 p.m.4 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerabilities [CVE-2024-57965, CVE-2025-27152]

Summary IBM Security SOAR uses an older version of axios that may be identified and exploited. Updates for supported versions have been released which address the issues. It is recommended customers upgrade to the latest applicable fix pack 51.0.7.0 Vulnerability Details CVEID:CVE-2024-57965...

9.8CVSS6.7AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 11:21 a.m.12 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-22097 DESCRIPTION: In the Linux kernel, the following vulnerability has...

7.8CVSS6.3AI score0.00173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 11:18 a.m.7 views

Security Bulletin: IBM QRadar SIEM is affected by by improper permission assignment (CVE-2025-0164)

Summary IBM QRadar SIEM is affected by improper permission assignment. Local privileged users may perform unauthorized actions on configuration files. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-0164 DESCRIPTION: IBM QRadar SIEM could allow a local...

2.3CVSS6.2AI score0.00119EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/12 7:33 a.m.3 views

Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-50059...

8.6CVSS6.6AI score0.01058EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608