Lucene search
K

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 7:14 a.m.6 views

Security Bulletin: Vulnerability in libxml2 library (CVE-2025-32414) affects Power HMC.

Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-32414 DESCRIPTION: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings...

7.5CVSS6.8AI score0.0033EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 7:10 a.m.11 views

Security Bulletin: Vulnerability in libxslt library (CVE-2023-40403) affects Power HMC.

Summary The libxslt library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-40403 DESCRIPTION: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadO...

6.5CVSS5.8AI score0.01092EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 7:7 a.m.8 views

Security Bulletin: Vulnerabilities in libsoup library (CVE-2025-2784, CVE-2025-4948, CVE-2025-32049, CVE-2025-32914) affect Power HMC.

Summary The libsoup library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-2784 DESCRIPTION: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the...

7.5CVSS6.6AI score0.00821EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/08 3:33 p.m.3 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons (CVE-2025-48924)

Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Apache Commons CVE-2025-48924. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue...

5.3CVSS6.5AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/08 2:30 p.m.8 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a cri-o security vulnerability (CVE-2024-8676)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability that may allow a malicious user to trick cri-o into restoring a pod that doesn't have CVE-2024-8676 Vulnerability Details CVEID: CVE-2024-8676 Description: A vulnerability was found in CRI-O, where it can be requested ...

7.4CVSS6.4AI score0.00773EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/08 2:27 p.m.4 views

Security Bulletin: IBM QRadar App SDK for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users o...

7.5CVSS6.9AI score0.66594EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/08 1:25 p.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to tar-fs-1.16.4.tgz CVE-2025-48387

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to tar-fs-1.16.4.tgz CVE-2025-48387. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48387 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versio...

8.7CVSS6.8AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/08 6:10 a.m.7 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cer...

8.8CVSS8.1AI score0.91969EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 7:4 p.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-32415 DESCRIPTION: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploi...

9.8CVSS8.6AI score0.73495EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 3:36 p.m.6 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by a remote attack to the root directory which results in a Denial of Service (DoS) condition

Summary IBM Engineering Lifecycle Management could allow an unauthenticated remote attacker to update server configuration files which would allow them to perform unauthorized actions, subsequently leading to a Denial of Service condition. The associated CVE is addressed. Vulnerability Details...

9.8CVSS6.8AI score0.005EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 11:1 a.m.7 views

Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application (CVE-2025-27817,CVE-2025-27818)

Summary There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Asset Management application CVE-2025-27817,CVE-2025-27818 Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apach...

8.8CVSS7.3AI score0.62368EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 11:1 a.m.5 views

Security Bulletin: There is a vulnerability in urllib3-2.4.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-50181,CVE-2025-50182)

Summary There is a vulnerability in urllib3-2.4.0-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable...

6.1CVSS6.3AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 11:0 a.m.7 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management ( CVE-2025-33142)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5CVSS6.1AI score0.00252EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 10:59 a.m.6 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5CVSS8.7AI score0.00399EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 10:58 a.m.8 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-48976)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5CVSS7.5AI score0.63258EPSS
Exploits1Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 10:57 a.m.8 views

Security Bulletin: There is a vulnerability in dojo-1.17.3.js used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273)

Summary There is a vulnerability in dojo-1.17.3.js used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. CWE:CWE-1321: Improperly...

9.8CVSS6.8AI score0.30367EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 7:9 a.m.2 views

Security Bulletin: Common vulnerabilities discovered in Spark2 executables released with Cloudera Observability on Premises with IBM Version 3.5.3

Summary Cloudera Observability on premises with IBM 3.5.3 ships with Spark 2 executables, however, the application runs on Spark 3. This security bulletin identifies a set of common vulnerabilities found in the Spark 2 libraries. Spark 2 has reached End of Support EOS. Clients are advised to use...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 7:7 a.m.5 views

Security Bulletin: Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.7 SP2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.7 SP2 are available to download from Cloudera and IBM. Vulnerability Details CVEID:CVE-2017-7657 DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused by improper handling of Chunked...

9.8CVSS8.6AI score0.20985EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 7:7 a.m.4 views

Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1

Summary Common vulnerabilities fixed in Cloudera Data Platform Private Cloud Base 7.1.9 SP1 Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attacker to traverse directories on the system, caused by improper validation of user supplied input. An attacker coul...

7.5CVSS6.7AI score0.05664EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 7:7 a.m.3 views

Security Bulletin: Common vulnerabilities discovered in Spark2 executables released with Cloudera Observability on Premises with IBM Version 3.5.3

Summary Cloudera Observability on premises with IBM 3.5.3 ships with Spark 2 executables, however, the application runs on Spark 3. This security bulletin identifies a set of common vulnerabilities found in the Spark 2 libraries. Spark 2 has reached End of Support EOS. Clients are advised to use...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/05 7:6 a.m.4 views

Security Bulletin: Multiple Vulnerabilities discovered in Cloudera Data Platform Private Cloud Base with IBM 7.1.7 SP2

Summary Multiple Vulnerabilities discovered in Cloudera Data Platform Private Cloud Base with IBM 7.1.7 SP2 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Cloudera Data Platform Priva...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:49 p.m.13 views

Security Bulletin: Astronomer with IBM is vulnerable to weak encryption due to the jose package (CVE-2025-45767)

Summary Jose is used by Astronomer with IBM as part of the JSON encryption functionality. Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security...

7CVSS6.9AI score0.00145EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:48 p.m.5 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to improper access control due to the linux-pam package (CVE-2025-6020)

Summary Linux-pam is used by DataStage on Cloud Pak for Data as part of the authentication functionality. Vulnerability Details CVEID:CVE-2025-6020 DESCRIPTION: A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local...

7.8CVSS6.3AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:47 p.m.4 views

Security Bulletin: Astronomer with IBM is vulnerable to request smuggling due to the Ruby WEBrick package (CVE-2025-6442)

Summary WEBrick is used by Astronomer with IBM as part of the application processing functionality. Vulnerability Details CVEID:CVE-2025-6442 DESCRIPTION: Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on...

6.5CVSS6.8AI score0.00422EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:46 p.m.5 views

Security Bulletin: Astronomer with IBM is vulnerable to unintentional traffic forwarding due to kube-proxy (CVE-2021-25736)

Summary Kube-proxy is used by Astronomer with IBM as part of Kubernetes functionality. Vulnerability Details CVEID:CVE-2021-25736 DESCRIPTION: Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port “spec.ports.port” as a LoadBalancer Service when t...

6.3CVSS6.1AI score0.00908EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:45 p.m.4 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to untrusted library loading due to the GNU C library (CVE-2025-4802)

Summary The GNU C library is used by DataStage on Cloud Pak for Data as part of general processing. Vulnerability Details CVEID:CVE-2025-4802 DESCRIPTION: Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...

7.8CVSS6.7AI score0.00422EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:44 p.m.11 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to extraction filter issues due to the python package (CVE-2025-4330, CVE-2025-4435)

Summary Python is used by DataStage on Cloud Pak for Data as part of general processing functionality. Vulnerability Details CVEID:CVE-2025-4330 DESCRIPTION: Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of so...

7.5CVSS7.8AI score0.00767EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:40 p.m.7 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to allocation of resource abuse due to the commons-fileupload package (CVE-2025-48976)

Summary Commons-fileupload is used by DataStage on Cloud Pak for Data as part of the file handling functionality. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload...

7.5CVSS6.7AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 10:39 p.m.13 views

Security Bulletin: Astronomer with IBM is vulnerable to several vulnerabilities

Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2005-2541 DESCRIPTION: Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gai...

10CVSS9.5AI score0.73327EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 1:16 p.m.6 views

Security Bulletin: IBM MQ is vulnerable to a password disclosure vulnerability.

Summary IBM MQ has addressed a password disclosure vulnerability CVE-2025-36100 Vulnerability Details CVEID:CVE-2025-36100 DESCRIPTION: IBM MQ Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user. CWE:CWE-260: Password in Configurati...

5.5CVSS6.2AI score0.00094EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 1:16 p.m.4 views

Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)

Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition which is shipped with IBM MQ Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java ...

8.1CVSS6.3AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 12:58 p.m.6 views

Security Bulletin: The B2B API of IBM Stering B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting (CVE-2025-2694)

Summary IBM Stering B2B Integrator and IBM Sterling File Gateway have addressed the cross-site scripting vulnerability Vulnerability Details CVEID:CVE-2025-2694 DESCRIPTION: IBM Sterling B2B Integrator CWE:CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

4.8CVSS5.7AI score0.00173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 12:54 p.m.10 views

Security Bulletin: IBM Stering B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-2667)

Summary IBM Stering B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability Vulnerability Details CVEID:CVE-2025-2667 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could disclose sensitive system information about the server to a privileged...

4.9CVSS5.8AI score0.00243EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 12:50 p.m.4 views

Security Bulletin: IBM Stering B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service Due to IBM WebSphere Application Server Liberty (CVE-2024-47535)

Summary IBM Stering B2B Integrator and IBM Sterling File Gateway have addressed the denial of service vulnerability Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance...

5.5CVSS6.4AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 9:23 a.m.5 views

Security Bulletin: The IBM® Engineering Lifecycle Management - Jazz Foundation is impacted by Path Relative Stylesheet Import vulnerability.

Summary A vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation, due to a Path-Relative Stylesheet Import PRSSI. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2024-43184 DESCRIPTION: IBM...

6.1CVSS6AI score0.00197EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 9:5 a.m.5 views

Security Bulletin: The IBM Engineering Test Management product using WebSphere Application Server traditional is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. It has been addressed in this...

7.5CVSS7.5AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 9:5 a.m.4 views

Security Bulletin: The IBM Engineering Test Management product using WebSphere Application Server traditional could allow a remote attacker to bypass security restrictions (CVE-2024-56339)

Summary IBM WebSphere Application Server and Webphere Application Server Liberty are affected by a security bypass caused by a failure to honor security configuration. It has been addressed in this bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

7.5CVSS8.6AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 9:5 a.m.6 views

Security Bulletin: The IBM Engineering Test Management product using WebSphere Application Server is affected by a denial of service with glassfish jsonp (CVE-2025-36097)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service. This affects WebSphere Liberty with the jsonp-1.0, jsonp-1.1, or jsonp-2.0 features enabled. It has been addressed in this bulletin. Vulnerability Details Refer to the security...

7.5CVSS8.6AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 9:4 a.m.4 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using IBM® SDK, Java™ Technology Edition affected by multiple vulnerabilities (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2025 Critical Patch Update. For more information please refer to Oracle's July 2025 CPU Advisory and the CVE links referenced below. Following IBM® Engineering...

7.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 9:4 a.m.2 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a security bypass in JMS messaging (CVE-2025-36124)

Summary IBM WebSphere Application Server Liberty is affected by a security bypass vulnerability in JMS messaging with the wasJmsServer-1.0, wasJmsSecurity-1.0, wasJmsClient-2.0, messagingServer-3.0, messagingSecurity-3.0, or messagingClient-3.0 feature enabled. Following IBM® Engineering Lifecycl...

7.5CVSS6.3AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 9:4 a.m.5 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service with HTTP/2 (CVE-2025-36047)

Summary IBM WebSphere Application Server Liberty is affected by a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addresse...

7.5CVSS6.2AI score0.00421EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 9:2 a.m.13 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Following IBM® Engineering...

7.5CVSS7.6AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 9:1 a.m.8 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service (CVE-2025-36000)

Summary IBM WebSphere Application Server Liberty is affected by a stored cross-site scripting vulnerability with the adminCenter-1.0 feature enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation,...

4.8CVSS5.7AI score0.00165EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 8:59 a.m.4 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could allow a remote attacker to bypass security restrictions (CVE-2024-56339)

Summary IBM WebSphere Application Server and Webphere Application Server Liberty are affected by a security bypass caused by a failure to honor security configuration. IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...

7.5CVSS8.6AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/04 3:25 a.m.4 views

Security Bulletin: IBM Stering B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service Due to Netty (CVE-2024-47535)

Summary IBM Stering B2B Integrator and IBM Sterling File Gateway have addressed the denial of service vulnerability Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance...

5.5CVSS6.7AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/03 6:40 p.m.7 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details Refer to th...

7.5CVSS7.6AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/03 6:36 p.m.6 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details Refer ...

7.5CVSS7.5AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/03 6:33 p.m.9 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details Refer to the...

7.5CVSS7.5AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/03 6:17 p.m.6 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service due to Apache Commons FileUpload. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

7.5CVSS7.6AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/03 6:12 p.m.5 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

7.5CVSS7.5AI score0.63258EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35598