34981 matches found

IBM Security Bulletins
added 2025/06/09 11:54 a.m. | 5 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-33104)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

CVSS: 7.6 | AI score: 6.5 | EPSS: 0.00124
Exploits: 0 | Affected Software: 11

IBM Security Bulletins
added 2025/06/09 11:53 a.m. | 8 views

Security Bulletin: IBM Java: Two OpenJ9 internal ASCII to EBCDIC string wrapper vulnerabilities on z/OS (CVE-2025-1470,CVE-2025-1471,CWE-787)

Summary IBM Java: Two OpenJ9 internal ASCII to EBCDIC string wrapper vulnerabilities on z/OS CVE-2025-1470,CVE-2025-1471,CWE-787 Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities...

CVSS: 7.8 | AI score: 8.2 | EPSS: 0.00105
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/09 11:52 a.m. | 8 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025- Includes Oracle Apr 2025 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.00234
Exploits: 0 | Affected Software: 11

IBM Security Bulletins
added 2025/06/09 11:30 a.m. | 7 views

Security Bulletin: IBM Rhapsody Systems Engineering is using next-14.2.15.tgz which is vulnerable to CVE-2024-56332

Summary A security vulnerability was identified in the Next.js package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Following IBM® Engineering Lifecycle Engineering product is...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00424
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/09 11:29 a.m. | 5 views

Security Bulletin: IBM Rhapsody Systems Engineering is using next-14.2.12.tgz which is vulnerable to CVE-2024-51479

Summary A security vulnerability was identified in the Next.js package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2024-51479 DESCRIPTION: Next....

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.78509
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/09 10:44 a.m. | 7 views

Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the cryptography package

Summary Storage Virtualize Ansible Collection uses the cryptography package to provide common cryptographic algorithms. Version 42.0.5 of cryptography package is vulnerable to CVE-2024-12797. Vulnerability Details CVEID:CVE-2024-12797 DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public...

CVSS: 6.3 | AI score: 6.6 | EPSS: 0.00804
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/09 4:36 a.m. | 11 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to injection due to cookie package ( CVE-2024-47764 )

Summary Potential vulnerabilities in cookie package CVE-2024-47764 have been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other...

CVSS: 6.9 | AI score: 6.8 | EPSS: 0.00205
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/07 1:8 a.m. | 15 views

Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation

Summary Java is used by IBM Robotic Process Automation as part of metrics and licensing, and UMS. CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploi...

CVSS: 5.3 | AI score: 6 | EPSS: 0.00303
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/07 1:5 a.m. | 16 views

Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could lead to a denial of service (CVE-2024-45338).

Summary A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could lead to a denial of service CVE-2024-45338. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix required to resolve the vulnerability...

CVSS: 5.3 | AI score: 8.8 | EPSS: 0.00046
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/07 1:4 a.m. | 15 views

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base image for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilities. Vulnerability Details...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.0046
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/06 4:22 p.m. | 12 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to golang.org/x/text ( CVE-2022-32149 )

Summary golang.org/x/text is used by IBM Cloud Pak for Data. CVE-2022-32149. Vulnerability Details CVEID:CVE-2022-32149 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by improper input validation by the golang.org/x/text/language package. By sending a specially-crafted...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00054
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/06 3:4 p.m. | 14 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Node.js dicer module denial of service (CVE-2022-24434)

Summary Potential vulnerabilities in Node.js dicer module CVE-2022-24434 have been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2022-24434 DESCRIPTION: This affects all versions of package dicer. A malicious attacker can send a modified form to server, and cra...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.01989
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/06/06 2:53 p.m. | 12 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to installation failure due to opm ( CVE-2022-41724, CVE-2022-41725, CVE-2022-41723, CVE-2015-3627, CVE-2023-25173, CVE-2023-25153, CVE-2022-23471, CVE-2023-24532 )

Summary Opm is used by IBM Cloud Pak for Data as part of the installation operator catalog. CVE-2022-41724, CVE-2022-41725, CVE-2022-41723, CVE-2015-3627, CVE-2023-25173, CVE-2023-25153, CVE-2022-23471, CVE-2023-24532. Vulnerability Details CVEID:CVE-2022-41724 DESCRIPTION: Golang Go is vulnerabl...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00264
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/06 2:52 p.m. | 10 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to possible denial of service due to rack ( CVE-2024-25126 )

Summary Rack is a modular Ruby web server interface used by IBM Cloud Pak for Data as part of the platform. CVE-2024-25126. Vulnerability Details CVEID:CVE-2024-25126 DESCRIPTION: Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parse...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.0045
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/06 10:29 a.m. | 19 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.12 LTS and 12.12.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.02674
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/06/06 10:27 a.m. | 13 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-45338]

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability. CVE-2024-45338 Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00046
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/05 5:55 p.m. | 21 views

Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities

Summary Multiple security vulnerabilities in the dependent components have been addressed in the latest update to IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2022-48773 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer deref...

CVSS: 7 | AI score: 7.7 | EPSS: 0.00159
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/05 5:39 p.m. | 9 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulnerable to CVE-2025-22870

Summary golang.org/x/net-v0.25.0 and golang.org/x/net-v0.33.0 are used by the Scheduling Service. Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environmen...

CVSS: 4.4 | AI score: 6.8 | EPSS: 0.00032
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/06/05 2:41 p.m. | 7 views

Security Bulletin: IBM watsonx Code Assistant On Prem product impacted by Input Handling Vulnerability in Jinja2 3.1.5

Summary A vulnerability CVE-2025-27516 has been identified in the jinja2 Python templating library version 3.1.5, which impacts the IBM watsonx Code Assistant On-Premises product. The issue stems from improper handling of untrusted template input, which may allow attackers to bypass sandbox...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00121
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/06/05 12:51 p.m. | 10 views

Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-55549 DESCRIPTION: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes. CWE:CWE-416: Use...

CVSS: 8.1 | AI score: 8.7 | EPSS: 0.01125
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/06/05 12:19 p.m. | 23 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.297 Vulnerability Details CVEID:CVE-2023-6918 DESCRIPTION: A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by different supported crypto...

CVSS: 8.1 | AI score: 9.6 | EPSS: 0.52998
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
added 2025/06/05 12:15 p.m. | 9 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.297 Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields...

CVSS: 5.3 | AI score: 8.5 | EPSS: 0.01473
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/05 7:40 a.m. | 9 views

Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.

Summary Security Bulletin: Maximo AI Service Component uses Spring Security Aspects may not correctly locate method security annotations on private methods. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-41232...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.00351
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/05 6:31 a.m. | 5 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to Prototype Pollution due to fast-xml-parser ( CVE-2023-26920 )

Summary fast-xml-parser is used by IBM Cloud Pak for Data. CVE-2023-26920. Vulnerability Details CVEID:CVE-2023-26920 DESCRIPTION: Natural Intelligence fast-xml-parser could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the tag or attribu...

CVSS: 6.5 | AI score: 8 | EPSS: 0.00199
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/05 6:12 a.m. | 19 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 1.1.0 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via callback field ServerConfig.PublicKeyCallback may be susceptible to an...

CVSS: 9.9 | AI score: 8.3 | EPSS: 0.32338
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/06/04 11:1 p.m. | 9 views

Security Bulletin: Security vulnerabilities were discovered in IBM Verify Identity Access Digital Credentials (CVE-2024-56342, CVE-2024-56343)

Summary Security vulnerabilities were addressed in IBM Verify Identity Access Digital Credentials. Vulnerability Details CVEID:CVE-2024-56342 DESCRIPTION: IBM Verify Identity Access Digital Credentials could allow a remote attacker to obtain sensitive information when a detailed technical error...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00209
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/04 11:0 p.m. | 20 views

Security Bulletin: Security vulnerabilities were discovered in IBM Application Gateway

Summary Security vulnerabilities were addressed in IBM Application Gateway. Vulnerability Details CVEID:CVE-2022-31629 DESCRIPTION: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser...

CVSS: 9.1 | AI score: 7.3 | EPSS: 0.24971
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/06/04 7:10 p.m. | 26 views

Security Bulletin: Multiple vulnerabilities which can affect IBM Storage Scale are now addressed. (CVE-2024-45337, CVE-2024-45338)

Summary There are several vulnerabilities in IBM Storage Scale which could provide weaker than expected security that are now addressed CVE-2024-45337, CVE-2024-45338 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via...

CVSS: 9.1 | AI score: 8 | EPSS: 0.32338
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/06/04 5:31 p.m. | 22 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details CVEID:CVE-2025-25019 DESCRIPTION: IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not...

CVSS: 9.6 | AI score: 6.5 | EPSS: 0.00463
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/04 3:36 p.m. | 10 views

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a man-in-the-middle vulnerability in RFC7250 Raw Public Keys [CVE-2024-12797]

Summary IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a man-in-the-middle vulnerability in RFC7250 Raw Public Keys RPKs, due to server authentication failure which is susceptible to man-in-the-middle attack CVE-2024-12797. RFC7250 Raw Public Keys are used in our Speech service...

CVSS: 6.3 | AI score: 6.5 | EPSS: 0.00804
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/04 3:5 p.m. | 12 views

Security Bulletin: Multiple vulnerabilities in libxml2 affect AIX/VIOS

Summary Vulnerabilities in libxml2 could allow a use-after-free CVE-2024-56171, a NULL pointer dereference CVE-2025-27113, a buffer overflow CVE-2025-24928, or a heap-based buffer under-read CVE-2025-32415. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00235
Exploits: 2 | Affected Software: 2

IBM Security Bulletins
added 2025/06/04 12:28 p.m. | 7 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to uncaught exception due to eemeli/yaml ( CVE-2023-2251 )

Summary eemeli/yaml is used by IBM Cloud Pak for Data. CVE-2023-2251. Vulnerability Details CVEID:CVE-2023-2251 DESCRIPTION: YAML is vulnerable to a denial of service, caused by an uncaught exception in the parseDocument and parseAllDocuments functions. By sending a specially crafted input, a...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00574
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/04 10:5 a.m. | 8 views

Security Bulletin: There is a vulnerability in the axios library affecting IBM watsonx Code Assistant IDE Extensions

Summary There is a vulnerability in the object-path library affecting IBM watsonx Code Assistant IDE Extensions. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00212
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2025/06/04 9:15 a.m. | 25 views

Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033

Summary IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal Score:...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00391
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/06/04 8:5 a.m. | 8 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2025-27907)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

CVSS: 4.1 | AI score: 6.5 | EPSS: 0.00123
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 4:1 p.m. | 10 views

Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer

Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component cou...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00234
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 3:10 p.m. | 5 views

Security Bulletin: IBM Rational Developer for i is affected by an unspecified Java runtime encryption vulnerability (CVE-2025-21587).

Summary IBM Rational Developer for i is affected by an unspecified Java runtime encryption vulnerability. IBM Rational Developer for i has addressed the vulnerability with a fix as described in the remediation/fixes section. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified...

CVSS: 7.4 | AI score: 7.1 | EPSS: 0.00226
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 1:56 p.m. | 21 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulnerable to the Sweet32 attack.

Summary The 3DES cipher was available in some TLS cipher suites. Vulnerability Details CVEID:CVE-2016-2183 DESCRIPTION: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.40993
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 1:54 p.m. | 9 views

Security Bulletin: IBM CloudPak for Data Scheduling Service is vulnerable to CVE-2024-45338.

Summary golang.org/x/net-v0.24.0 is used by the CP4D Scheduling Service. CVE-2024-45338. Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.00046
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 11:35 a.m. | 25 views

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide...

CVSS: 8.1 | AI score: 10 | EPSS: 0.1054
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 11:15 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.4.tgz, dompurify-3.2.5.tgz CVE-2025-48050

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.4.tgz, dompurify-3.2.5.tgz CVE-2025-48050. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48050 DESCRIPTION: In DOMPurify through 3.2.5 before...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00392
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 11:13 a.m. | 4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component in IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)

Summary IBM Maximo Application Suite - Monitor Component IBM in WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF CVE-2025-23184. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-23184...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00147
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 10:57 a.m. | 3 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.18-py3-none-any.whl CVE-2025-26699

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.18-py3-none-any.whl CVE-2025-26699. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-26699 DESCRIPTION: An issue was discovered in Django 5.1 before...

CVSS: 7.5 | AI score: 5 | EPSS: 0.00287
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 10:33 a.m. | 13 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz (Publicly disclosed vulnerability found by Mend)

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses elliptic-6.5.4.tgz Publicly disclosed vulnerability found by Mend. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48948 DESCRIPTION: The Elliptic...

CVSS: 9.1 | AI score: 8.9 | EPSS: 0.02898
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 9:19 a.m. | 5 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM Business Automation Workflow due to the April 2025 CPU

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

AI score: 6.8
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/06/03 8:20 a.m. | 8 views

Security Bulletin: IBM Engineering Systems Design Rhapsody was affected by CVE-2024-38081

Summary IBM Engineering Systems Design Rhapsody was affected by Microsoft .NET privilege escalation. Risk was significantly low. We have upgraded our Build Environment to resolve this vulnerability. Vulnerability Details CVEID:CVE-2024-38081 DESCRIPTION:.NET, .NET Framework, and Visual Studio...

CVSS: 7.3 | AI score: 6.2 | EPSS: 0.008
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 8:19 a.m. | 7 views

Security Bulletin: IBM Engineering Systems Design Rhapsody affected by CVE-2024-6763

Summary jetty-http-12.0.9.jar, jetty-server-12.0.9.jar was vulnerable and IBM Engineering Systems Design Rhapsody has upgraded JARs to org.eclipse.jetty:jetty-http:12.0.12;org.eclipse.jetty:jetty-server:12.0.12 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight,...

CVSS: 5.3 | AI score: 6.1 | EPSS: 0.01189
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 8:18 a.m. | 6 views

Security Bulletin: IBM Engineering Systems Design Rhapsody affected by CVE-2024-47554

Summary commons-io-2.11.0.jar was vulnerable and IBM Engineering Systems Design Rhapsody has upgraded JAR to 2.14.0. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class m...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00127
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 5:40 a.m. | 13 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to exposing sensitive information due to Flask ( CVE-2023-30861 )

Summary Flask is used by IBM Cloud Pak for Data. CVE-2023-30861. Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by missing Vary: Cookie header. By sending a specially crafted request, an attacker could...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00221
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/06/03 5:37 a.m. | 9 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to HTTP Request Smuggling due to Gunicorn ( CVE-2024-1135 )

Summary Gunicorn is used by IBM Cloud Pak for Data. CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a specially crafted HTTPS transfer-encoding...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00085
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 34981