
34981 matches found

IBM Security Bulletins
added 2025/07/02 7:2 a.m. | 6 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2025-36038)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

CVSS 9.8 | AI score 7.6 | EPSS 0.01
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/07/02 7:0 a.m. | 10 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF004 (June 2025)

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF004. Vulnerability Details CVEID:CVE-2025-29907 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to...

CVSS 8.7 | AI score 8.2 | EPSS 0.1054
Exploits: 7 | Affected Software: 2

IBM Security Bulletins
added 2025/07/01 10:16 p.m. | 11 views

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION:...

CVSS 9.8 | AI score 10 | EPSS 0.89929
Exploits: 8 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 9:19 p.m. | 6 views

Security Bulletin: IBM Fusion Data Catalog Service is vulnerable to elevated container linux kernel privileges (CVE-2022-0185)

Summary IBM Fusion's Data Catalog Service containers previously required certain elevated Linux kernel privileges. CVE-2022-0185. Vulnerability Details CVEID:CVE-2022-0185 DESCRIPTION: A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context...

CVSS 8.4 | AI score 6.6 | EPSS 0.01944
Exploits: 11 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 9:19 p.m. | 6 views

Security Bulletin: IBM Fusion is vulnerable to Path Traversal due to python's setuptools (CVE-2025-47273)

Summary Python's setuptools is used by IBM Fusion as part of the Data Catalog Service and is vulnerable to path traversal. CVE-2025-47273. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python...

CVSS 8.8 | AI score 7.9 | EPSS 0.0012
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 8:42 p.m. | 40 views

Security Bulletin: IBM MQ is vulnerable to a buffer overflow issue (CVE-2024-25048)

Summary An issue was identified with IBM MQ when a client sends a malformed xarecover request. This can result in a memory overwrite or buffer overflow within the queue manager. Vulnerability Details CVEID:CVE-2024-25048 DESCRIPTION: IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based...

CVSS 7.5 | AI score 7.8 | EPSS 0.00614
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 6:48 p.m. | 7 views

Security Bulletin: IBM Storage Ceph is vulnerable to Injection in Golang (CVE-2023-29405)

Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2023-29405 This bulletin identifies the steps to take to address the vulnerability in Golang Vulnerability Details CVEID:CVE-2023-29405 DESCRIPTION: The go command may execute arbitrary code at build time when using cgo. This may occur wh...

CVSS 9.8 | AI score 7.5 | EPSS 0.00329
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 6:46 p.m. | 4 views

Security Bulletin: IBM Storage Ceph is vulnerable to Code Injection in Golang (CVE-2023-29404)

Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2023-29404 This bulletin identifies the steps to take to address the vulnerability in Golang. Vulnerability Details CVEID:CVE-2023-29404 DESCRIPTION: The go command may execute arbitrary code at build time when using cgo. This may occur...

CVSS 9.8 | AI score 7.6 | EPSS 0.00084
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 6:12 p.m. | 20 views

Security Bulletin: IBM Storage Ceph is vulnerable to Open Redirects in WebOb (CVE-2024-42353)

Summary WebOb is used by IBM Storage Ceph in Dashboard and RGW. CVE-2024-42353 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2024-42353 DESCRIPTION: WebOb provides objects for HTTP requests and responses. When WebOb...

CVSS 6.1 | AI score 6.6 | EPSS 0.00263
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 6:8 p.m. | 11 views

Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption and Improper Input Validation in Werkzeug (CVE-2023-46136, CVE-2023-25577, CVE-2023-23934)

Summary Werkzeug is used by IBM Storage Ceph in the Dashboard. CVE-2023-46136, CVE-2023-25577, CVE-2023-23934 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2023-46136 DESCRIPTION: Werkzeug is a comprehensive WSGI web...

CVSS 8 | AI score 9 | EPSS 0.00878
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 6:1 p.m. | 8 views

Security Bulletin: Apache ZooKeeper Admin Server IPAuthenticationProvider Vulnerability: Authentication Bypass via Spoofed X-Forwarded-For Header

Summary When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider,...

CVSS 9.1 | AI score 9.3 | EPSS 0.00078
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 5:59 p.m. | 20 views

Security Bulletin: Waitress WSGI Server Vulnerability: HTTP Pipelining Request Handling with Disabled Lookahead

Summary Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and...

CVSS 9.1 | AI score 7 | EPSS 0.00572
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 4:4 p.m. | 5 views

Security Bulletin: Due to use of IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Multiple vulnerabilities in IBM Storage Scale which could provide weaker than expected security were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp wi...

CVSS 7.5 | AI score 8.1 | EPSS 0.3466
Exploits: 14 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 10:22 a.m. | 4 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to a Cross-site scripting (XSS) attack (CVE-2024-11831).

Summary IBM Event Endpoint Management is vulnerable to a Cross-site scripting (XSS) attack due to a flaw in npm-serialize-javascript. It is used to safely serialize complex JavaScript objects for storage or transmission. Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was found in...

CVSS 5.4 | AI score 6.1 | EPSS 0.01098
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 10:2 a.m. | 8 views

Security Bulletin: Cryptography expose cryptographic primitives and recipes

Summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of...

CVSS 7.5 | AI score 6.2 | EPSS 0.01255
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 7:48 a.m. | 6 views

Security Bulletin: Previous version has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c, affects watsonx.data

Summary libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema...

CVSS 9.8 | AI score 7.6 | EPSS 0.00235
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 6:52 a.m. | 11 views

Security Bulletin: parse.ParseUnverified vulnerability affects watsonx.data

Summary golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request who...

CVSS 7.5 | AI score 6.8 | EPSS 0.00083
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 11:10 p.m. | 17 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.

Summary Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions 9.2.1. Vulnerability Details CVEID:CVE-2025-22150 DESCRIPTION: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choos...

CVSS 8.7 | AI score 8.2 | EPSS 0.01473
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 8:8 p.m. | 5 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Tampering (CVE-2025-36056)

Summary The IBM TS7700 virtualization solution has a vulnerability CVE-2025-36056 that makes it susceptible to tampering, as an attacker could exploit a Cross-Site Scripting flaw in its management interface. This security gap could enable unauthorized access to sensitive information through socia...

CVSS 5.4 | AI score 6.2 | EPSS 0.0011
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2025/06/30 8:7 p.m. | 5 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a Denial of Service (CVE-2025-23184) due to the use of WebSphere Application Server Liberty

Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service associated with the use of WebSphere Application Server Liberty CVE-2025-23184, which is used in its Management Interface. Under certain rare conditions, CachedOutputStream instances may not close properly. If these...

CVSS 7.5 | AI score 7 | EPSS 0.00147
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2025/06/30 8:5 p.m. | 7 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Cross-Site Scripting in the Management Interface

Summary IBM Virtualization Engine TS7700 is susceptible to information disclosure and privilege escalation CVE-2025-2141. An attacker can perform Cross-Site Scripting XSS attacks on the IBM TS7700 Management Interface, allowing them to redirect users to malicious websites phishing, create malicio...

CVSS 6.1 | AI score 6.4 | EPSS 0.00143
Exploits: 0 | Affected Software: 3

IBM Security Bulletins
added 2025/06/30 7:20 p.m. | 6 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now included in 6.2.3.0 and 6.1.9.7.

Summary The following vulnerabilities that can affect IBM Storage Scale System and could provide weaker than expected security are now fixed in 6.2.3.0 and 6.1.9.7. Vulnerability Details CVEID:CVE-2024-35809 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: PCI/PM:...

CVSS 5.5 | AI score 7.4 | EPSS 0.0002
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 3:48 p.m. | 6 views

Security Bulletin: An unsafe reading of environment file could potentially cause a denial of service in Netty, affecting watsonx.data

Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. These could affect watsonx.data. Vulnerability...

CVSS 5.5 | AI score 6.7 | EPSS 0.00467
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 3:47 p.m. | 4 views

Security Bulletin: GNU Wget through 1.21.1 could affect watsonx.data

Summary GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2021-31879 DESCRIPTION: GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different...

CVSS 6.1 | AI score 6.9 | EPSS 0.00154
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 1:41 p.m. | 5 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System [CVE-2020-5256, CVE-2025-2895]

Summary Multiple Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System is affected to Prototype Pollution due to Dojo and HTML Injection in JavaScript. Vulnerability Details CVEID:CVE-2020-5258 DESCRIPTION: In affected versions of dojo NPM package, the deepCopy method is...

CVSS 9 | AI score 7.4 | EPSS 0.0154
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 1:36 p.m. | 7 views

Security Bulletin: Vulnerabilities in libssh affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the libssh component affect IBM Storage Virtualize products and could cause denial of service and confidentiality impacts. CVE-2023-1667 CVE-2023-2283. Vulnerability Details CVEID:CVE-2023-1667 DESCRIPTION: A NULL pointer dereference was found in libssh during re-keying...

CVSS 6.5 | AI score 7.2 | EPSS 0.01094
Exploits: 2 | Affected Software: 5

IBM Security Bulletins
added 2025/06/30 1:34 p.m. | 7 views

Security Bulletin: Vulnerabilities in multiple components affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in netty-handler, python-dns, bind, kernel, openssl, net-snmp and libgcrypt components affect IBM Storage Virtualize products and could cause denial of service and confidentiality impacts. CVE-2024-35857 CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808...

CVSS 8.8 | AI score 8.6 | EPSS 0.14258
Exploits: 2 | Affected Software: 5

IBM Security Bulletins
added 2025/06/30 1:27 p.m. | 7 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.13 LTS and 12.13.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

CVSS 9.8 | AI score 7.5 | EPSS 0.01227
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 11:47 a.m. | 3 views

Security Bulletin: Broadcom VMware ESXi Vulnerabilities affect IBM Cloud Pak System

Summary Broadcom VMware ESXi Vulnerabilities affect IBM Cloud Pak System CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 Vulnerability Details CVEID:CVE-2025-22224 DESCRIPTION: VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write...

CVSS 9.3 | AI score 7.8 | EPSS 0.47395
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 10:35 a.m. | 6 views

Security Bulletin: Unclear documentation of the error behavior in `ParseWithClaims` affects watsonx.data

Summary golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 10:33 a.m. | 7 views

Security Bulletin: libxml2 before 2.12.10 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c, affects watsonx.data

Summary libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema...

CVSS 9.8 | AI score 7.6 | EPSS 0.00183
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 10:31 a.m. | 4 views

Security Bulletin: Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit, affects watsonx.data

Summary Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can be corrupted by exceeding the stack limit. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses...

CVSS 8.7 | AI score 7.2 | EPSS 0.00134
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 10:25 a.m. | 6 views

Security Bulletin: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions., affect watsonx.data

Summary An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2025-24201 DESCRIPTION: An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This...

CVSS 10 | AI score 7.7 | EPSS 0.0021
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:58 a.m. | 6 views

Security Bulletin: Due to the use of WebSphere Application Server traditional, the IBM Tivoli System Automation Application Manager is vulnerable to an arbitrary code execution vulnerability (CVE-2025-36038)

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2025-36038 Vulnerability Details CVEID:CVE-2025-36038 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker ...

CVSS 9.8 | AI score 7.3 | EPSS 0.01
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:41 a.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses node 16.16.0 which is vulnerable to CVE-2023-32002, CVE-2022-35255. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-32002 DESCRIPTION: The use of...

CVSS 9.8 | AI score 7.5 | EPSS 0.01213
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:39 a.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses runtime-7.26.0.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

CVSS 6.2 | AI score 6.5 | EPSS 0.0006
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:36 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before...

CVSS 4.3 | AI score 6 | EPSS 0.00107
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:32 a.m. | 7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.20.6.tgz which is vulnerable to CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses helpers-7.20.6.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

CVSS 6.2 | AI score 6.5 | EPSS 0.0006
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:30 a.m. | 2 views

Security Bulletin: Upgraded higher version of cometD in Maximo IT 9.1

Summary Upgraded higher version of cometD in Maximo IT 9.1 Vulnerability Details CVEID:CVE-2022-24721 DESCRIPTION: CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so...

CVSS 8.1 | AI score 7.7 | EPSS 0.00177
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:29 a.m. | 7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-7.5.9.tgz which is vulnerable to CVE-2024-37890

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-7.5.9.tgz which is vulnerable to CVE-2024-37890. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: ws is an open source WebSocke...

CVSS 7.5 | AI score 6.8 | EPSS 0.00541
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:26 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION:...

CVSS 8.7 | AI score 7.3 | EPSS 0.00293
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:22 a.m. | 5 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses serve-static-1.15.0.tgz which is vulnerable to CVE-2024-43800. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serve...

CVSS 5 | AI score 6.6 | EPSS 0.00919
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:18 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses send-0.18.0.tgz which is vulnerable to CVE-2024-43799. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for...

CVSS 5 | AI score 6.8 | EPSS 0.00175
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:16 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-7.0.3.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the...

CVSS 8.7 | AI score 7.2 | EPSS 0.00067
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:12 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses body-parser-1.19.2.tgz which is vulnerable to CVE-2024-45590. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is...

CVSS 7.5 | AI score 7.2 | EPSS 0.01387
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/30 6:8 a.m. | 7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package...

CVSS 5.3 | AI score 6.8 | EPSS 0.00176
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 11:12 p.m. | 6 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.9 Interim Fix 007 Vulnerability Details CVEID:CVE-2025-36027 DESCRIPTION: IBM Datacap could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remot...

CVSS 5.5 | AI score 6.2 | EPSS 0.28553
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 1:53 p.m. | 2 views

Security Bulletin: IBM MQ Appliance is affected by multiple Java vulnerabilities (CVE-2025-21587 & CVE-2025-4447)

Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact...

CVSS 7.8 | AI score 7 | EPSS 0.00234
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 8:19 a.m. | 6 views

Security Bulletin: Fixes available for CVE-2025-1991 H1-2581021: 'An Integer Underflow During Informix Server Protocol Packet Processing Allows Attackers to Carry out a Denial-of-Service Attack'

Summary Fixes available for CVE-2025-1991 H1-2581021: 'An Integer Underflow During Informix Server Protocol Packet Processing Allows Attackers to Carry out a Denial-of-Service Attack' Vulnerability Details CVEID:CVE-2025-1991 DESCRIPTION: IBM Informix Dynamic Server could allow a remote attacker ...

CVSS 7.5 | AI score 6.8 | EPSS 0.00428
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/28 2:35 a.m. | 7 views

Security Bulletin: This Power System update is being released to address CVE-2025-2884

Summary The PowerVM Virtual Trusted Platform Module vTPM feature is impacted by the referenced vulnerability. Vulnerability Details CVEID:CVE-2025-2884 DESCRIPTION: TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validatio...

CVSS 6.6 | AI score 9.1 | EPSS 0.00078
Exploits: 0

Total number of security vulnerabilities: 34981