Lucene search
K

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/08/02 3:58 p.m.55 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

9.8CVSS10AI score0.99019EPSS
Exploits16Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 7:16 p.m.42 views

Security Bulletin: Outbound Email for SOAR App is using a component with a known vulnerability (CVE-2025-27516)

Summary The Outbound Email for SOAR App uses an older version of the jinja template library that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to Outbound Email for SOAR version 2.1.4 or later. Vulnerabilit...

8.8CVSS7.9AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 4:1 p.m.9 views

Security Bulletin: Vulnerability with spring-security-crypto and jinja affect IBM Cloud Object Storage Systems (July 2025)

Summary Vulnerability with spring-security-crypto CVE-2025-22228 and jinja CVE-2025-27516 . This vulnerability has been addressed in the latest ClevOS release. Vulnerability Details CVEID:CVE-2025-22228 DESCRIPTION: BCryptPasswordEncoder.matchesCharSequence,String will incorrectly return true for...

8.8CVSS7.6AI score0.00568EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 3:11 p.m.6 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in...

7.5CVSS6.6AI score0.00856EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 1:18 p.m.13 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2025 Critical Patch Update. For more information please refer to Oracle's July 2025 CPU Advisory and the CVE links referenced below. Vulnerability Details...

8.1CVSS6.8AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 11:43 a.m.12 views

Security Bulletin: IBM QRadar SIEM is affected by cross-site scripting and denial of service (CVE-2025-33118, CVE-2011-5034, CVE-2024-25710, CVE-2024-26308)

Summary IBM QRadar SIEM is affected by stored cross-site scripting and denial of service. Apache Geronimo and Apache Commons Compress are affected by predictable hash collisions, infinite loop, and resource exhaustion. Vulnerability Details CVEID:CVE-2025-33118 DESCRIPTION: IBM QRadar SIEM is...

8.1CVSS6.6AI score0.81155EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 10:47 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes...

6.1CVSS6.2AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 10:38 a.m.11 views

Security Bulletin: IBM Maximo Application Suite uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to CVE-2024-6866, CVE-2024-6839, CVE-2024-6.

Summary IBM Maximo Application Suite uses flaskcors-5.0.1-py3-none-any.whl which is vulnerable toCVE-2024-6866, CVE-2024-6839, CVE-2024-6.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6866 DESCRIPTION: corydolphin/flask-cors...

7.5CVSS7AI score0.00652EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 10:33 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses runtime-7.27.0.tgz which is vulnerable to this CVE-2025-27789

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses runtime-7.27.0.tgz which is vulnerable to this CVE-2025-27789 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel...

6.2CVSS6.8AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 10:29 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flaskcors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844 Vulnerability Details CVEID:CVE-2024-6866 DESCRIPTION: corydolphin/flask-cors version 4.01 contain...

7.5CVSS6.8AI score0.00652EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 10:28 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to this CVE-2025-27516

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses jinja2-3.1.5-py3-none-any.whl which is vulnerable to this CVE-2025-27516 Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how...

8.8CVSS7.3AI score0.00465EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 10:5 a.m.4 views

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-22869, CVE-2024-45339, CVE-2025-30204)

Summary github.com/golang-JWT/jwt/v4-v4.5.1, github.com/golang/glog-v0.0.0, golang.org/x/crypto-v0.31.0, dependency packages are being used by IBM Db2 Intelligence Center. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-45339...

7.5CVSS6.7AI score0.00868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 8:44 a.m.2 views

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera, and...

7.5CVSS6.8AI score0.01941EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 8:27 a.m.11 views

Security Bulletin: IBM Automation Decision Services for April 2025 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-22870...

8.8CVSS9.1AI score0.02301EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 7:37 a.m.9 views

Security Bulletin: IBM Operational Decision Manager for July 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-7272...

8.6CVSS8.6AI score0.00588EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 6:58 p.m.6 views

Security Bulletin: IBM i is affected by multiple vulnerabilities in International Components for Unicode (ICU) option 39 [CVE-2017-14952 CVE-2011-4599 CVE-2017-17484].

Summary International Components for Unicode ICU is a C and C++ library that provides Unicode services used for writing global applications in ILE programming languages. IBM i licensed program option 39 International Components for Unicode is currently built using ICU4C version 4.0. This version...

9.8CVSS9.6AI score0.08003EPSS
Exploits1Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 2:50 p.m.3 views

Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime

Summary This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their July 2025 Vulnerability Advisory. For more information please refer to OpenJDK's July 2025 Vulnerability Advisory and the CVE links below. Vulnerability Details CVEID:CVE-2025-500...

8.6CVSS7.9AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 2:24 p.m.17 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.299 Vulnerability Details CVEID:CVE-2025-4330 DESCRIPTION: Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination...

8.7CVSS8.3AI score0.35963EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 2:21 p.m.15 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.299 Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. Thes...

7.8CVSS8.7AI score0.02224EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 2:17 p.m.6 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.299 Vulnerability Details CVEID:CVE-2025-47436 DESCRIPTION: Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where...

9.8CVSS9.2AI score0.01952EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 2:16 p.m.9 views

Security Bulletin: IBM Observability with Instana is vulnerable to Path Traversal in python

Summary python is used by IBM Instana Observability as part of the instana-agent CVE-2025-4517. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2025-4517 DESCRIPTION: Allows arbitrary filesystem writes outside the extraction directory durin...

9.4CVSS7.1AI score0.01184EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 2:13 p.m.6 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36038)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

9.8CVSS7AI score0.08023EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 5:40 a.m.7 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-33104)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.6CVSS6.5AI score0.00199EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 5:37 a.m.7 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025- Includes Oracle Apr 2025 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...

7.8CVSS7.2AI score0.00688EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/31 5:36 a.m.2 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-36097)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

7.5CVSS7AI score0.00399EPSS
Exploits0Affected Software11
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/30 9:6 p.m.6 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale System are now included in 6.2.2.1 and 6.1.9.6.

Summary The following vulnerabilities that can affect IBM Storage Scale System and could provide weaker than expected security are now fixed in 6.2.2.1 and 6.1.9.6. Vulnerability Details CVEID:CVE-2024-42240 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: x86/bhi:...

6.1CVSS7.9AI score0.00979EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/30 5:5 p.m.9 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.10.1 Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names...

9.1CVSS10AI score0.01966EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/30 7:21 a.m.12 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server traditional is affected by arbitrary code execution (CVE-2025-36038)

Summary WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this...

9.8CVSS8AI score0.08023EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/30 2:47 a.m.5 views

Security Bulletin: Due to the use of IBM SDK, Java Technology, IBM Watson Explorer is vulnerable to a remote attacker to cause high confidentiality and high integrity impact

Summary IBM SDK, Java Technology is used within IBM Watson Explorer CVE-2025-21587 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity...

7.4CVSS6.6AI score0.00688EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 10:45 p.m.15 views

Security Bulletin: IBM Aspera Faspex is affected by open-source related vulnerabilities and unauthorized actions from authenticated users

Summary IBM Aspera Faspex has addressed vulnerabilities related to denial-of-service, inefficient code execution under specific conditions, and unintended traffic routing. The 3rd party vulnerabilities are for very specific use cases that are not necessarily exposed through Faspex. Additionally,...

8.7CVSS7.6AI score0.00911EPSS
Exploits2Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 10:30 p.m.23 views

Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.10

Summary Apache Portable Runtime, Dojo, CKEditor, DOORS and DOORS Web Access Libraries are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.9 is vulnerable to the below mentioned CVEs. Remediatio...

9.8CVSS10AI score0.46836EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 9:9 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to Placement of User into Incorrect Group in Ceph-crash.service (CVE-2022-3650)

Summary Ceph-crash.service is used by IBM Storage Ceph. CVE-2022-3650 This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details CVEID:CVE-2022-3650 DESCRIPTION: Ceph could allow a local authenticated attacker to gain elevated privileges on the system,...

7.8CVSS6.6AI score0.00327EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 9:8 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Authorization Bypass Through User-Controlled Key in Grafana (CVE-2024-10452)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-10452 Vulnerability Details CVEID:CVE-2024-10452 DESCRIPTION: Organization admins can delete pending invites created in an organization...

2.7CVSS6.7AI score0.00496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 9:5 p.m.4 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Incorrect Authorization in Grafana (CVE-2023-6152)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-6152 Vulnerability Details CVEID:CVE-2023-6152 DESCRIPTION: A user changing their email after signing up and verifying it can change it...

5.4CVSS6.6AI score0.01385EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 9:4 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Authorization Bypass in Grafana (CVE-2024-1313)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-1313 Vulnerability Details CVEID:CVE-2024-1313 DESCRIPTION: It is possible for a user in a different organization from the owner of a...

6.5CVSS6.7AI score0.00646EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 9:4 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Verification of Data Authenticity in Certifi (CVE-2022-23491)

Summary Certifi is used by IBM Storage Ceph for SSL Certificate verification. CVE-2022-23491 This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: Certifi is a curated collection of Root Certificates for validating...

7.5CVSS6.6AI score0.00535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 9:3 p.m.7 views

Security Bulletin: IBM Storage Ceph is vulnerable to Inefficient Regular Expression Complexity in Grafana (CVE-2024-45801)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-45801 Vulnerability Details CVEID:CVE-2024-45801 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML,...

7.3CVSS5.2AI score0.00844EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 9:2 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-Site Request Forgery in Grafana (CVE-2023-45857)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-45857 Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential...

6.5CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 9:1 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to Cross-Site Scripting in Grafana (WS-2024-0017)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. WS-2024-0017 Vulnerability Details WSID: WS-2024-0017 DESCRIPTION: Insufficient checks in DOMPurify allows an attacker to bypass sanitizers and...

7.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:59 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Authorization Bypass in Grafana (CVE-2024-45337)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-45337 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via...

9.1CVSS6.8AI score0.03092EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:59 p.m.15 views

Security Bulletin: IBM Storage Ceph is vulnerable to Aymmetric Resource Consumption and Improper Handling of Exceptions in Grafana (CVE-2024-51744 CVE-2025-30204)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-51744 CVE-2025-30204 Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Uncle...

7.5CVSS6.5AI score0.00693EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:57 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to SSRF in Grafana (CVE-2025-27152)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2025-27152 Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issu...

8.7CVSS6.7AI score0.00759EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:56 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to CSRF in Grafana (CVE-2023-45857)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-45857 Vulnerability Details CVEID:CVE-2023-45857 DESCRIPTION: An issue discovered in Axios 1.5.1 inadvertently reveals the confidential...

6.5CVSS7.1AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:55 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to CSRF in Werkzeug (CVE-2024-34069)

Summary Werkzeug is used by IBM Storage Ceph for the Web Server Interface. CVE-2024-34069 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2024-34069 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library...

7.5CVSS7.2AI score0.03397EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:52 p.m.5 views

Security Bulletin: IBM Storage Ceph is vulnerable to a Race Condition via Moby in Grafana (CVE-2024-36621)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-36621 Vulnerability Details CVEID:CVE-2024-36621 DESCRIPTION: moby v25.0.5 is affected by a Race Condition in...

6.5CVSS6.8AI score0.00625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:51 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Data Amplification in Go-Jose in Grafana (CVE-2024-28180)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-28180 Vulnerability Details CVEID:CVE-2024-28180 DESCRIPTION: Package jose aims to provide an implementation of the Javascript Object...

4.3CVSS6.6AI score0.01956EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:50 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Path Traversal and Uncontrolled Resource Consumption in Werkzeug (CVE-2024-49766, CVE-2024-49767)

Summary Werkzeug is used by IBM Storage Ceph for the Web Server Gateway Interface. CVE-2024-49766 CVE-2024-49767This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2024-49766 DESCRIPTION: Werkzeug is a Web Server Gateway...

7.5CVSS6.7AI score0.01093EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:50 p.m.9 views

Security Bulletin: IBM Storage Ceph is vulnerable to Prototype Pollution in ToughCookie via Grafana (CVE-2023-26136)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-26136 Vulnerability Details CVEID:CVE-2023-26136 DESCRIPTION: Versions of the package tough-cookie before 4.1.3 are vulnerable to...

9.8CVSS6.7AI score0.02542EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:49 p.m.6 views

Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Verification of Data Authenticity in Moby via Grafana (CVE-2024-24557)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2024-24557 Vulnerability Details CVEID:CVE-2024-24557 DESCRIPTION: Moby is an open-source project created by Docker to enable softwa...

7.8CVSS6.5AI score0.00258EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/29 8:47 p.m.3 views

Security Bulletin: IBM Storage Ceph is vulnerable to Inefficient Regular Expression Complexity in Babel via Grafana (CVE-2025-27789)

Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2025-27789 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When...

6.2CVSS6.8AI score0.00478EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35598