34975 matches found

IBM Security Bulletins
added 2025/07/07 5:50 p.m., 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-expression-5.3.24.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-expression-5.3.24.jar Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possibl...

CVSS 6.5, AI score 6.6, EPSS 0.01066
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/07/07 5:47 p.m., 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in okio-2.8.0.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of okio-2.8.0.jar Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client...

CVSS 7.5, AI score 6.7, EPSS 0.00567
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/07/07 5:7 p.m., 6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Allocation of Resources Without Limits or Throttling in Grafana (CVE-2023-47108)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-47108 Vulnerability Details CVEID:CVE-2023-47108 DESCRIPTION: OpenTelemetry-Go Contrib is a collection of third-party packages for...

CVSS 7.5, AI score 6.6, EPSS 0.04299
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 5:3 p.m., 5 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer in the RHEL UBI (CVE-2024-33599)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-33599. Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: nscd: Stack-based buffer overflow in netgroup cache If the Na...

CVSS 8.1, AI score 7.2, EPSS 0.01546
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 5:0 p.m., 17 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and hig...

CVSS 9.8, AI score 8.8, EPSS 0.2185
Exploits 10, Affected Software 1

IBM Security Bulletins
added 2025/07/07 4:6 p.m., 5 views

Security Bulletin: IBM Datapower Operations Dashboard could allow DNS poisoning CVE-2023-0833

Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard implementation of secure data transmission and storage Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java...

CVSS 7.5, AI score 6.7, EPSS 0.00141
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/07/07 3:11 p.m., 5 views

Security Bulletin: Vulnerability in Linux bind affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the Linux bind component affects IBM Storage Virtualize products and could cause denial of service. CVE-2024-11187. Vulnerability Details CVEID:CVE-2024-11187 DESCRIPTION: It is possible to construct a zone such that some queries to it will generate responses containing...

CVSS 7.5, AI score 7.2, EPSS 0.04177
Exploits 0, Affected Software 8

IBM Security Bulletins
added 2025/07/07 3:8 p.m., 5 views

Security Bulletin: Vulnerability in login affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the login system affects IBM Storage Virtualize products and could cause denial of service. CVE-2025-1351. Vulnerability Details CVEID:CVE-2025-1351 DESCRIPTION: IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products could allow a...

CVSS 7, AI score 7.5, EPSS 0.0003
Exploits 0, Affected Software 8

IBM Security Bulletins
added 2025/07/07 2:23 p.m., 8 views

Security Bulletin: Multiple vulnerabilities found in IBM TXSeries for Multiplatforms.

Summary IBM TXSeries for Multiplatforms has been updated in order to address multiple vulnerabilities CVE-2024-12243, CVE-2024-12133, CVE-2024-8176. Vulnerability Details CVEID:CVE-2024-12243 DESCRIPTION: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an...

CVSS 7.5, AI score 7.5, EPSS 0.01227
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 1:40 p.m., 6 views

Security Bulletin: IBM QRadar SIEM protocol is affected by Denial of Service and Security Restriction Bypass

Summary Apache Commons Compress and Apache HttpClient are affected by Denial of Service and Security Restriction Bypass. Attackers could potentially disrupt services or bypass security controls to access sensitive information. These issues have been addressed with an update. Vulnerability Details...

CVSS 8.1, AI score 7, EPSS 0.0174
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/07/07 12:22 p.m., 3 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM TXSeries for Multiplatforms (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM TXSeries for Multiplatforms CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM TXSeries for Multiplatforms has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587...

CVSS 7.8, AI score 7.4, EPSS 0.00234
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 12:11 p.m., 4 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a privilege escalation attack (CVE-2025-36014)

Summary IBM Integration Bus for z/OS is vulnerable to a privilege escalation attack. Vulnerability Details CVEID:CVE-2025-36014 DESCRIPTION: IBM App Connect Enterprise Integration Bus is vulnerable to code injection by a privileged user with access to the IIB install directory. CWE:CWE-94: Improp...

CVSS 8.2, AI score 7.6, EPSS 0.00062
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 10:59 a.m., 3 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Standard CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...

CVSS 7.8, AI score 7.3, EPSS 0.00234
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 10:32 a.m., 4 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Advanced (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Advanced CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...

CVSS 7.8, AI score 6.6, EPSS 0.00234
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 10:1 a.m., 4 views

Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.

Summary IBM Event Endpoint Management is affected by multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact...

CVSS 7.5, AI score 6.3, EPSS 0.00226
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 9:56 a.m., 2 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in json-20230227.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of json-20230227.jar Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to...

CVSS 7.5, AI score 5.5, EPSS 0.00677
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/07/07 9:56 a.m., 4 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.8.1. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU...

CVSS 8.7, AI score 8, EPSS 0.01201
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2025/07/07 7:15 a.m., 5 views

Security Bulletin: IBM Data Dictionary uses protobuf-5.28.3-cp38-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2025-4565

Summary IBM Data Dictionary uses protobuf-5.28.3-cp38-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2025-4565. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python...

CVSS 8.2, AI score 5.8, EPSS 0.00016
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 5:42 a.m., 5 views

Security Bulletin: Vulnerabilities in IBM Semeru SDK (CVE-2025-21587, CVE-2025-30698, CVE-2025-2900) affect Power HMC.

Summary The IBM Semeru SDK is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high...

CVSS 7.5, AI score 6.6, EPSS 0.00226
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 5:41 a.m., 7 views

Security Bulletin: Vulnerability in expat library (CVE-2024-8176) affects Power HMC.

Summary The expat library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML...

CVSS 7.5, AI score 7.5, EPSS 0.00803
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 5:41 a.m., 13 views

Security Bulletin: Vulnerabilities in libxml2 library (CVE-2024-56171, CVE-2025-24928) affect Power HMC.

Summary The libxml2 library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-56171 DESCRIPTION: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and...

CVSS 9.8, AI score 8, EPSS 0.00235
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/07 5:40 a.m., 5 views

Security Bulletin: Vulnerability in freetype library (CVE-2025-27363) affects Power HMC.

Summary The freetype library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when...

CVSS 8.1, AI score 7.4, EPSS 0.70344
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/04 8:48 p.m., 4 views

Security Bulletin: IBM Integration Designer is vulnerable to improper access control (CVE-2025-48734)

Summary Vulnerability in Apache Commons BeanUtils used by IBM Integration Designer. IBM Integration Designer has addressed CVE-2025-48734. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...

CVSS 8.8, AI score 8.8, EPSS 0.00258
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/07/04 8:59 a.m., 10 views

Security Bulletin: Security vulnerabilities related to tomcat-embed-core library in IBM Business Automation Manager Open Editions.

Summary Multiple vulnerabilities related to tomcat-embed-core library were addressed in IBM Business Automation Manager Open Editions 9.2.1. Vulnerability Details CVEID:CVE-2025-49125 DESCRIPTION: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using...

CVSS 7.5, AI score 7.7, EPSS 0.01278
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/07/04 6:11 a.m., 3 views

Security Bulletin: Multiple Security Vulnerabilities were found in IBM Java Runtime as shipped with IBM Security Verify Access and IBM Verify Identity Access

Summary Multiple Security Vulnerabilities found in IBM Java Runtime as shipped with IBM Security Verify Access and IBM Verify Identity Access have been addressed. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component...

CVSS 7.8, AI score 6.4, EPSS 0.00303
Exploits 0, Affected Software 2

IBM Security Bulletins
added 2025/07/03 7:26 p.m., 7 views

Security Bulletin: IBM Storage Ceph is vulnerable to Path Traversal in oath-toolkit (CVE-2024-47191)

Summary oath-toolkit is used by IBM Storage Ceph for metrics and authentication. CVE-2024-47191 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2024-47191 DESCRIPTION: pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 befo...

CVSS 7.1, AI score 6.9, EPSS 0.00076
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/03 5:39 p.m., 3 views

Security Bulletin: IBM DataPower Gateway affected by issues in Java Runtime

Summary IBM DataPower Gateway does not itself use Java, but certain bundled integrations do (e.g. JDBC, IMS). Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiali...

CVSS 7.5, AI score 7.4, EPSS 0.00226
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/03 3:12 p.m., 3 views

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2®. (April 2025 CPU)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.25 and earlier, 8.0.8.40 and earlier used by IBM® Db2. These issues were disclosed as part of the IBM Java SDK updates in April 2025. Vulnerability Details CVEID:CVE-2025-4447 DESCRIPTION: In Eclipse OpenJ9 versions ...

CVSS 7.8, AI score 7.1, EPSS 0.00234
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/03 1:13 p.m., 7 views

Security Bulletin: IBM Datapower Operations Dashboard could allow a denial of service CVE-2024-30172

Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard implementation of secure data transmission and storage Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the...

CVSS 7.5, AI score 6.9, EPSS 0.00091
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/03 10:30 a.m., 15 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.298 Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache...

CVSS 7.8, AI score 8, EPSS 0.21423
Exploits 3, Affected Software 1

IBM Security Bulletins
added 2025/07/03 10:12 a.m., 3 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary Multiple vulnerabilities were addressed in IBM Event Processing version 1.4.1 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression...

CVSS 6.2, AI score 8.7, EPSS 0.00467
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/07/03 10:10 a.m., 9 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.8.1. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An...

CVSS 7.5, AI score 8.4, EPSS 0.00806
Exploits 3, Affected Software 1

IBM Security Bulletins
added 2025/07/03 9:34 a.m., 5 views

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2023-39325, CVE-2022-21698)

Summary github.com/prometheus/client_golang, golang.org/x/net are dependency packages used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: A malicious HTTP/2 client which rapid...

CVSS 7.5, AI score 7.5, EPSS 0.00376
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/03 9:32 a.m., 10 views

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2022-23648, CVE-2022-32149)

Summary The listed dependency packages are being used by IBM Db2 Data Management Console github.com/containerd/containerd, golang.org/x/text. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: In net/http in Go befo...

CVSS 9.1, AI score 7.2, EPSS 0.06046
Exploits 6, Affected Software 2

IBM Security Bulletins
added 2025/07/03 9:26 a.m., 9 views

Security Bulletin: Vulnerability in github.com/jackc/pgx/v4 affects IBM Db2 Data Management Console (CVE-2024-27289)

Summary github.com/jackc/pgx/v4 dependency package is used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-27289 DESCRIPTION: pgx is a PostgreSQL driver and toolkit for Go. Prior to version...

CVSS 8.1, AI score 7.6, EPSS 0.00591
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/03 9:23 a.m., 6 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Semeru Java 17 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM Semeru Runtime Certified Edition, Version 17. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and...

CVSS 7.8, AI score 7.4, EPSS 0.00234
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/03 8:57 a.m., 3 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 8 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology Edition, Version 8. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high...

CVSS 7.8, AI score 7.2, EPSS 0.00234
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/03 5:14 a.m., 3 views

Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified...

CVSS 7.8, AI score 7.2, EPSS 0.00234
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/02 5:21 p.m., 6 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition

Summary IBM Sterling Connect:Direct File Agent uses IBM Runtime Environment Java Technology Edition, Version 7 and 8. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related ...

CVSS 7.8, AI score 6.2, EPSS 0.00234
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/02 5:14 p.m., 7 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Semeru Runtime

Summary IBM Sterling Connect:Direct File Agent uses IBM Semeru Runtime version 17. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could...

CVSS 7.8, AI score 6.5, EPSS 0.00234
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/02 3:26 p.m., 10 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to improper access control due to Apache Commons BeanUtils (CVE-2025-23184)

Summary Apache Commons BeanUtils is shipped with IBM Tivoli Business Service Manager as part of its backend process to handle Java Beans. Information about a security vulnerability affecting Apache Commons BeanUtils has been published in a security bulletin. Vulnerability Details...

CVSS 8.8, AI score 6.8, EPSS 0.00258
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2025/07/02 3:25 p.m., 3 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION:...

CVSS 5.3, AI score 5.5, EPSS 0.00303
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/02 2:50 p.m., 5 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to denial of service attack due to Apache CXF (CVE-2025-23184)

Summary Apache CXF is shipped with IBM Tivoli Business Service Manager as part of the web services framework. Information about a security vulnerability affecting Apache CXF has been published in a security bulletin. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of...

CVSS 7.5, AI score 5.3, EPSS 0.00147
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/07/02 12:19 p.m., 25 views

Security Bulletin: Vulnerability in linux (Kernel) affects IBM Integrated Analytics System.

Summary Redhat provided linux Kernel is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs CVE-2024-38575, CVE-2024-36940, CVE-2024-36017, CVE-2024-39472, CVE-2024-36905, CVE-2024-27010, CVE-2024-42244, CVE-2024-38598, CVE-2024-39502,...

CVSS 9.1, AI score 8.2, EPSS 0.00449
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2025/07/02 7:2 a.m., 6 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2025-36038)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

CVSS 9.8, AI score 7.6, EPSS 0.01
Exploits 0, Affected Software 2

IBM Security Bulletins
added 2025/07/02 7:0 a.m., 10 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF004 (June 2025)

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF004. Vulnerability Details CVEID:CVE-2025-29907 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to...

CVSS 8.7, AI score 8.2, EPSS 0.1054
Exploits 7, Affected Software 2

IBM Security Bulletins
added 2025/07/01 10:16 p.m., 11 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION:...

CVSS 9.8, AI score 10, EPSS 0.89929
Exploits 8, Affected Software 1

IBM Security Bulletins
added 2025/07/01 9:19 p.m., 6 views

Security Bulletin: IBM Fusion Data Catalog Service is vulnerable to elevated container linux kernel privileges (CVE-2022-0185)

Summary IBM Fusion's Data Catalog Service containers previously required certain elevated linux kernel privileges. CVE-2022-0185. Vulnerability Details CVEID:CVE-2022-0185 DESCRIPTION: A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context...

CVSS 8.4, AI score 6.6, EPSS 0.01944
Exploits 11, Affected Software 1

IBM Security Bulletins
added 2025/07/01 9:19 p.m., 6 views

Security Bulletin: IBM Fusion is vulnerable to Path Traversal due to python's setuptools (CVE-2025-47273)

Summary Python's setuptools is used by IBM Fusion as part of the Data Catalog Service and is vulnerable to path traversal. CVE-2025-47273. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python...

CVSS 8.8, AI score 7.9, EPSS 0.0012
Exploits 4, Affected Software 1

IBM Security Bulletins
added 2025/07/01 8:42 p.m., 40 views

Security Bulletin: IBM MQ is vulnerable to a buffer overflow issue (CVE-2024-25048)

Summary An issue was identified with IBM MQ when a client sends a malformed xarecover request. This can result in a memory overwrite or buffer overflow within the queue manager. Vulnerability Details CVEID:CVE-2024-25048 DESCRIPTION: IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based...

CVSS 7.5, AI score 7.8, EPSS 0.00614
Exploits 0, Affected Software 1

Total number of security vulnerabilities: 34975