Lucene search
K

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/08/21 5:17 p.m.6 views

Security Bulletin: Common vulnerabilities discovered in Spark2 executables released with Cloudera Observability on Premises with IBM Version 3.5.3

Summary Cloudera Observability on premises with IBM 3.5.3 ships with Spark 2 executables, however, the application runs on Spark 3. This security bulletin identifies a set of common vulnerabilities found in the Spark 2 libraries. Spark 2 has reached End of Support EOS. Clients are advised to use...

6.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/21 4:16 p.m.6 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server have been addressed CVE-2025-36097,CVE-2024-56339 Vulnerability Details Refer to the security...

7.5CVSS7.1AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/21 11:26 a.m.9 views

Security Bulletin: Vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis (CVE-2019-11358, CVE-2020-23064, CVE-2020-11023, CVE-2020-11022)

Summary Cross-site scriptingXSS vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis. It allows remote attackers to execute a script in a victim's Web browser. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery before 3.4.0, as used in Drupal,...

6.9CVSS7.2AI score0.99019EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/21 7:45 a.m.4 views

Security Bulletin: A Security vulnerability in OpenSSL affects IBM DevOps Code ClearCase

Summary OpenSSL vulnerability were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase.CVE-2024-9143 Vulnerability Details CVEID:CVE-2024-9143 DESCRIPTION: Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field...

4.3CVSS7.7AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/20 9:40 p.m.13 views

Security Bulletin: Multiple Secuirty vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge

Summary Multiple secuirty vulnerabilities impacting IBM Knowledge Catalog Standard Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel i...

8.8CVSS8.5AI score0.08665EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/20 3:3 p.m.13 views

Security Bulletin: AIX/VIOS is affected by arbitrary code execution (CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517) due to Python

Summary Vulnerabilities in Python could allow an attacker to execute arbitrary code CVE-2025-47273, CVE-2025-4330, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools ...

9.4CVSS8.5AI score0.01479EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/20 1:51 p.m.3 views

Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution (CVE-2025-27516)

Summary IBM SOAR QRadar Plugin app for IBM QRadar SIEM is affected by server-side template injection leading to remote code execution. IBM SOAR QRadar Plugin app has addressed the issue in the latest update. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating...

8.8CVSS8.3AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/20 1:48 p.m.5 views

Security Bulletin: IBM SOAR QRadar Plugin app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible...

8.8CVSS8.3AI score0.01479EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/20 6:45 a.m.10 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-53506, CVE-2025-52434 and CVE-2025-52520 )

Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-53506 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that...

7.5CVSS7.2AI score0.0196EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/20 3:21 a.m.26 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0 Vulnerability Details CVEID:CVE-2024-34750 DESCRIPTION: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did n...

9.8CVSS7.4AI score0.43663EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/20 2:37 a.m.22 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0 Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can...

9.8CVSS10AI score0.99615EPSS
Exploits22Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/19 8:51 p.m.7 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability (CVE-2024-56339)

Summary IBM WebSphere Application Server and Webphere Application Server Liberty are affected by a security bypass caused by a failure to honor security configuration. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server...

7.5CVSS9.2AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 9:21 p.m.6 views

Security Bulletin: The B2B API of IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service (CVE-2025-25193)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial of service security vulnerability Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...

5.5CVSS6.9AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 7:26 p.m.30 views

Security Bulletin: Carbon design system packages

Summary Various packages are vulnerable to multiples CVEs and can be resolved by updating to [email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected]....

9.8CVSS8AI score0.03299EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 6:41 p.m.7 views

Security Bulletin: Insufficiently protected credentials and improper output neutralization for logs might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to insufficiently protected credentials and improper output neutralization for logs. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing...

5.3CVSS7.6AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 4:23 p.m.7 views

Security Bulletin: AS4 of the IBM Stelring B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting (CVE-2025-33008)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cross-site scripting security vulnerability Vulnerability Details CVEID:CVE-2025-33008 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an...

5.4CVSS6.2AI score0.00218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 4:16 p.m.6 views

Security Bulletin: The Container Version of the B2B API of the IBM Stelring B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-2988)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure security vulnerability Vulnerability Details CVEID:CVE-2025-2988 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could disclose sensitive server information to an unauthorized use...

6.5CVSS6.4AI score0.00235EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 3:21 p.m.5 views

Security Bulletin: IBM WebSphere Application Server which is bundled with WebSphere Remote Server, could provide weaker than expected security (CVE-2025-33142)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS6.6AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 2:19 p.m.87 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a ty...

6.7CVSS10AI score0.9378EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 2:17 p.m.68 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-22365 DESCRIPTION: Linux-pam is vulnerable to a denial of service, caused by ...

8.4CVSS9.7AI score0.00887EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 12:24 p.m.7 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-33142)

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security...

7.5CVSS6.7AI score0.00252EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 11:50 a.m.9 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM could provide weaker than expected security CVE-2025-33142 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...

7.5CVSS6.8AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 11:32 a.m.6 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-36097, CVE-2024-56339)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS7.4AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 11:28 a.m.6 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2024-43204, CVE-2024-43394, CVE-2024-42516 , CVE-2025-54090]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2024-43204, CVE-2024-43394, CVE-2024-42516 , CVE-2025-54090 Vulnerability Details Refer to the security...

7.5CVSS6.9AI score0.01094EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 11:22 a.m.28 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-27907,CVE-2025-33104, CVE-2025-36038)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS7.6AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 10:33 a.m.7 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

6.8CVSS7.4AI score0.02164EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 10:29 a.m.10 views

Security Bulletin: IBM Cloud Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js (CVE-2025-48924, CVE-2025-4949)

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

6.8CVSS7.4AI score0.02164EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 6:31 a.m.14 views

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server, which impacts IBM Tivoli Netcool Configuration Manager

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Multiple vulnerabilities were addressed in IBM WebSphere Application Server CVE-2024-56339, CVE-2025-36097, CVE-2024-43204, CVE-2024-43394, CVE-2024-42516. Vulnerability...

7.5CVSS7.2AI score0.01094EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 4:31 a.m.7 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2015-5305 DESCRIPTION: Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted...

10CVSS10AI score0.27392EPSS
Exploits35Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/18 4:29 a.m.14 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.0.0 Vulnerability Details CVEID:CVE-2025-48379 DESCRIPTION: Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large 64k encoded with...

7.8CVSS8.7AI score0.91969EPSS
Exploits19Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/15 4:8 p.m.6 views

Security Bulletin: IBM Datapower Operations Dashboard could allow attackers to create new valid signatures different from previous signatures for a known message CVE-2020-36843

Summary EdDSA is used by the IBM Datapower Operations Dashboard for its cryptographic implementation Vulnerability Details CVEID:CVE-2020-36843 DESCRIPTION: The implementation of EdDSA in EdDSA-Java aka ed25519-java through 0.3.0 exhibits signature malleability and does not satisfy the SUF-CMA...

4.3CVSS6.6AI score0.00133EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/15 3:34 p.m.2 views

Security Bulletin: IBM Datapower Operations Dashboard could lead to excessive CPU consumption CVE-2024-29857

Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard implementation of secure data transmission and storage Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS befo...

7.5CVSS6.6AI score0.011EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/15 2:49 p.m.8 views

Security Bulletin: IBM i is affected by an authenticated user gaining elevated privileges due to a web session hijacking vulnerability in IBM Digital Certificate Manager for i [CVE-2025-36119].

Summary IBM i is affected by a user authenticated to IBM Digital Certificate Manager for i gaining elevated privileges due to a web session hijacking vulnerability as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as describ...

8.8CVSS6AI score0.00175EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/15 2:37 p.m.13 views

Security Bulletin: IBM QRadar Log Source Management app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Log Source Management app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is ...

9.1CVSS5.9AI score0.00478EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/15 2:35 p.m.14 views

Security Bulletin: IBM QRadar Data Synchronization app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Data Synchronization app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of...

9.4CVSS6.8AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/15 9:39 a.m.8 views

Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.

Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management v11.6.3. Vulnerability Details CVEID:CVE-2025-30698 DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity and low...

5.6CVSS5.9AI score0.0095EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/15 9:21 a.m.17 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-48976)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service attack due to an Apache Commons FileUpload vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerabili...

7.5CVSS6.7AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/15 9:20 a.m.8 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-33142)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a weaker than expected security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the securit...

7.5CVSS6.5AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/15 12:26 a.m.9 views

Security Bulletin: A security vulnerability has been discovered in IBM Verify Identity Access OIDC Provider (CVE-2024-56171)

Summary A security vulnerability has been addressed in IBM Verify Identity Access OIDC Provider Vulnerability Details CVEID:CVE-2024-56171 DESCRIPTION: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in...

9.8CVSS7AI score0.0113EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 8:45 p.m.6 views

Security Bulletin: The Document Service Container of IBM Stelring B2B Integrator and IBM Sterling File Gateway is vulnerable to Informaton Disclosure (177835)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure security vulnerability Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper...

6.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 8:38 p.m.5 views

Security Bulletin: The B2B API of the IBM Stelring B2B Integrator and IBM Sterling File Gateway are Vulnerable to Denial of Service (CVE-2025-23184)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial of service security vulnerability Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In...

7.5CVSS6.9AI score0.01941EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 4:48 p.m.8 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-45339 DESCRIPTION: When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log fil...

8.8CVSS7.9AI score0.03239EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 4:19 p.m.7 views

Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-33142)

Summary IBM WebSphere Application Server could provide weaker than expected security for TLS connections. Vulnerability Details CVEID:CVE-2025-33142 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security for TLS connections. CWE:CWE-295: Improper Certificate...

7.5CVSS6.9AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 4:10 p.m.41 views

Security Bulletin: A Security Vulnerability was found in the IBM Security Verify Access product.

Summary IBM Security Verify Access could allow could an unverified user to change the password of an expired user without prior knowledge of that password Vulnerability Details CVEID:CVE-2024-45647 DESCRIPTION: IBM Security Verify Access could allow could an unverified user to change the password...

9.8CVSS5.9AI score0.00259EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 3:13 p.m.5 views

Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by a security bypass vulnerability (CVE-2025-54090)

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

6.3CVSS6.7AI score0.00691EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 2:5 p.m.7 views

Security Bulletin: Multiple vulnerabilities in python and babel runtime affect IBM DevOps Automation Code

Summary Python version 3.9.15, vulnerable to CVE-2023-27043, CVE-2024-3220 and babel version 7.27.7 vulnerable to CVE-2025-27789 are used inside DevOps Automation Code 1.0.1 containers. Vulnerability Details CVEID:CVE-2024-3220 DESCRIPTION: There is a defect in the CPython standard library module...

6.2CVSS6.8AI score0.02507EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 1:49 p.m.7 views

Security Bulletin: IBM Planning Analytics is vulnerable to a Denial of Service due to the use of Apache Commons

Summary There is a vulnerability in one of the Open Source Software OSS components consumed by IBM Planning Analytics. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics Workspace and not any nested dependencies within the product...

7.5CVSS7.5AI score0.63258EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 11:30 a.m.14 views

Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-48988, CVE-2025-49125 & CVE-2025-48976 )

Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-48988 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 throug...

7.5CVSS7.2AI score0.63258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 8:53 a.m.6 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager

Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS8.1AI score0.01966EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/14 8:38 a.m.15 views

Security Bulletin: Due to use of IBM WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is vulnerable to disclosure of information.

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Netty CVE-2024-47535CVE-2025-25193 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...

5.5CVSS6.4AI score0.00408EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35598