Lucene search
K

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 8:11 a.m.17 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.300 Vulnerability Details CVEID:CVE-2024-52533 DESCRIPTION: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow becau...

9.8CVSS9AI score0.01479EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 7:17 a.m.5 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2024-56339)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS9.4AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 7:16 a.m.4 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-36038)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.8CVSS6.6AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 6:42 a.m.9 views

Security Bulletin: IBM Sterling Connect:Direct Web Services uses glib2 which is affected by CVE-2024-52533 and CVE-2025-4373

Summary IBM Sterling Connect:Direct Web Services is vulnerable to an integer overflow in the gstringinsertunichar function. This has been addressed in new build available from IBM Repository. Vulnerability Details CVEID:CVE-2024-52533 DESCRIPTION: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 h...

9.8CVSS6.7AI score0.01263EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 5:59 a.m.8 views

Security Bulletin: Vulnerabilities in axios affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in axios has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios...

9.8CVSS7.3AI score0.00356EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 5:55 a.m.4 views

Security Bulletin: Vulnerabilities in Babel affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Babel has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a...

6.2CVSS6.1AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 3:40 a.m.5 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts...

4.4CVSS6.2AI score0.00384EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 3:20 a.m.5 views

Security Bulletin: Vulnerabilities in SAXBuilder affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in SAXBuilder has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2021-33813 DESCRIPTION: An XX...

7.5CVSS6.1AI score0.19442EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 12:51 a.m.9 views

Security Bulletin: Vulnerabilities in CodeMirror affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in CodeMirror has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A...

6.9CVSS5.6AI score0.00448EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 12:27 a.m.8 views

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an...

5.5CVSS7AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/07 12:15 a.m.5 views

Security Bulletin: Vulnerabilities in SSH affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in SSH has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers...

7.5CVSS6.1AI score0.00868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 9:33 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle April 2024 CPU plus...

7.8CVSS6.8AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 6:17 p.m.4 views

Security Bulletin: Vulnerabilities in Babel affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Babel has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a...

6.2CVSS6.1AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:53 p.m.3 views

Security Bulletin: Multiple vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE...

5.9CVSS7.2AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:47 p.m.5 views

Security Bulletin: Vulnerabilities in nanoid affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in nanoid has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid a...

4.3CVSS5.9AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:36 p.m.5 views

Security Bulletin: Multiple vulnerability in IBM® SDK, Java™ and IBM® Semeru Runtime may affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow traditional requires IBM® SDK, Java™. IBM Business Automation Workflow containers package IBM® Semeru Runtime. Vulnerabilities for both variants of Java have been reported. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerabilit...

7.8CVSS7.1AI score0.00688EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:33 p.m.9 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-43204, CVE-2024-43394, CVE-2024-42516)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

6AI score
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:25 p.m.5 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow embedded Navigator - CVE-2024-38808

Summary IBM Business Automation Workflow embedded Navigator repackages a vulnerable copy of Spring. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring...

4.3CVSS6.6AI score0.00536EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:22 p.m.8 views

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2025-33197

Summary IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details CVEID:CVE-2025-33197 DESCRIPTION: IBM Business Automation Workflow, CP4BA is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary...

5.5CVSS6.2AI score0.00143EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:21 p.m.6 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and...

9.1CVSS6.3AI score0.03092EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:19 p.m.4 views

Security Bulletin: Security vulnerability in jetty may affect IBM Business Automation Workflow - CVE-2024-6763

Summary IBM Business Automation Workflow is vulnerable packages a vulnerable copy of eclipse jetty. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL...

5.3CVSS6AI score0.00986EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:16 p.m.7 views

Security Bulletin: Multiple vulnerabilities in embedded Navigator affect IBM Business Automation Workflow - CVE-2024-38808, CVE-2024-31141

Summary IBM Business Automation Workflow repackages a version of IBM Content Navigator, which in turn repackages a vulnerable version of the kafka-clients library. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...

6.5CVSS7AI score0.01129EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:12 p.m.4 views

Security Bulletin: Multiple security vulnerabilities in WebSphere Liberty may affect IBM Business Automation Workflow - CVE-2025-25193, CVE-2025-23184

Summary IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty. Multiple security vulnerabilies have been reported...

7.5CVSS6.9AI score0.01941EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 5:10 p.m.7 views

Security Bulletin: Cross Site Scripting vulnerabiliies may affect IBM Business Automation Workflow - CVE-2024-47875, CVE-2024-48910

Summary IBM Business Automation Workflow packages a vulnerable copy of DOMPurify. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability i...

10CVSS8.7AI score0.01176EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 4:39 p.m.3 views

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is ...

5.5CVSS6.8AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 4:37 p.m.11 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.14 LTS and 12.14.0 addresses the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.8CVSS9AI score0.02945EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 4:10 p.m.11 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.3 Vulnerability Details CVEID:CVE-2013-4660 DESCRIPTION: The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute...

7.5CVSS10AI score0.99019EPSS
Exploits18Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 3:52 p.m.15 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed multiple vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to...

8.8CVSS9.3AI score0.62368EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 3:40 p.m.9 views

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF006

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF006 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Request...

9.1CVSS7.4AI score0.01479EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 1:40 p.m.14 views

Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

7.5CVSS7.3AI score0.00868EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 11:37 a.m.5 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-27907)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

4.1CVSS5.8AI score0.0028EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 11:19 a.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-23166]

Summary Node.js is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js. CVE-2025-23166 Vulnerability Details...

7.5CVSS7.5AI score0.00763EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 11:17 a.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality [CVE-2025-22874]

Summary Golang module crypto/x509 is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang...

7.5CVSS5.9AI score0.00311EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/06 7:11 a.m.6 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF18 patch Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons...

8.8CVSS8.3AI score0.01941EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/05 6:39 p.m.2 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2025-21587, CVE-2025-30698, CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to...

7.8CVSS6.8AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/05 6:37 p.m.7 views

Security Bulletin: IBM Tivoli Monitoring is affected by heap buffer overflow vulnerabilities

Summary IBM Tivoli Monitoring has addressed heap buffer overflow vulnerabilities CVE-2025-3354, CVE-2025-3320 Vulnerability Details CVEID:CVE-2025-3354 DESCRIPTION: IBM Tivoli Monitoring is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could...

9.8CVSS7.6AI score0.00453EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/05 5:6 p.m.7 views

Security Bulletin: IBM Guardium Data Protection is affected by a RHEL7 Kernel vulnerability (CVE-2024-36971)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-36971 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race dstnegativeadvice does not enforce proper RCU rules when...

7.8CVSS7.6AI score0.02701EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/05 3:40 p.m.27 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple Tomcat vulnerabilities (CVE-2025-24813, CVE-2024-50379)

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files...

10CVSS9.9AI score0.99945EPSS
Exploits58Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/05 3:36 p.m.15 views

Security Bulletin: IBM Guardium Data Protection is affected by a Privilege Escalation vulnerability (CVE-2025-3473)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-3473 DESCRIPTION: IBM Security Guardium could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program...

6.7CVSS5.9AI score0.00124EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/05 3:14 p.m.10 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - could be susceptible to cross-site scripting due to no validation of URIs.

Summary IBM Engineering Lifecycle Optimization - Publishing could be susceptible to cross-site scripting due to no validation of URIs. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimizati...

6.1CVSS5.7AI score0.00175EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/05 10:55 a.m.5 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM)(CVE-2024-56339)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

7.5CVSS5.6AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/05 10:51 a.m.5 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2025-36097)

Summary WebSphere Application Server is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulleti...

7.5CVSS5.7AI score0.00399EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/05 5:15 a.m.6 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to FreeType Remote Code Execution Vulnerability (CVE-2025-27363)

Summary IBM Sterling Partner Engagement Manager uses FreeType has part of the package and is affected by CVE-2025-27363 for versions 2.13.0 and below. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of...

8.1CVSS7.5AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/04 12:44 p.m.6 views

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bound...

9.8CVSS9.3AI score0.08042EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/04 7:13 a.m.12 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs and go packages which is vulnerable to " CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871"

Summary IBM Maximo Application Suite uses " axios, http-proxy-middleware and net/http package " which is vulnerable to "CVE-2025-27152, CVE-2025-32996, CVE-2025-32997, CVE-2025-22871". This bulletin contains information regarding the vulnerability and how to address it. Vulnerability Details...

9.1CVSS6.7AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/04 6:39 a.m.7 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - The jackson-core package is vulnerable to a Denial of Service (DoS) attack

Summary There is a Jackson-Core vulnerability shipped with IBM Engineering Lifecycle Optimization - Publishing. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization - Publishing...

6.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/04 6:37 a.m.7 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - In Connect2id Nimbus JOSE+JWT, an attacker can cause a denial of service

Summary Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. By sending a specially crafted request using a large JWE p2c header, a remote attacker could exploit this vulnerability to cause ...

7.5CVSS6AI score0.00814EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/04 6:37 a.m.9 views

Security Bulletin: There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27817)

Summary There is a vulnerability in kafka-clients-3.8.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka...

8.8CVSS7.7AI score0.62368EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/04 6:36 a.m.6 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-25193)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

5.5CVSS7.1AI score0.00357EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/02 5:53 p.m.20 views

Security Bulletin: IBM Spectrum Protect Server may not count invalid sign-on attempts from Operations Center (CVE-2022-22485)

Summary The IBM Spectrum Protect Server, in certain instances, may not increment the number of invalid sign-on attempts from Operations Center. This could allow an attacker to use brute force techniques to gain access to the IBM Spectrum Protect Server. Vulnerability Details CVEID:CVE-2022-22485...

9.8CVSS6.1AI score0.01058EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35598