Security Bulletin: IBM Sterling Secure Proxy is vulnerable to CVE-2024-51453.
Summary IBM Sterling Secure Proxy is vulnerable to Path Traversal. Vulnerability Details CVEID:CVE-2024-51453 DESCRIPTION: IBM Sterling Secure Proxy could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot"...
Security Bulletin: FreeType Remote Code Execution Vulnerability found in IBM Netezza Performance Server
Summary FreeType is used in IBM Netezza Platform Server. IBM Netezza Platform Server has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when...
Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)
Summary DS8900F and DS8A00 updates have been released to address following vulnerabilities. Review the Vulnerability Details section below for additional information. CVE-2023-40547 CVSS Base Score:8.3, CVE-2024-5564 CVSS Base Score:8.1, CVE-2022-48624 CVSS Base Score:7.8, CVE-2022-48624 CVSS Bas...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System (Sailfish) [CVE-2020-14145].
Summary The OpenSSH package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE, CVE-2020-14145. Vulnerability Details CVEID:CVE-2020-14145 DESCRIPTION: OpenSSH is vulnerable to a man-in-the-middle attack, caused by an observable discrepancy...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to json-smart (CVE-2024-57699)
Summary The Transformation Advisor tool in IBM App Connect Enterprise is vulnerable to a denial of service due to json-smart. Vulnerability Details CVEID:CVE-2024-57699 DESCRIPTION: A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input,...
Security Bulletin: Vulnerability in SUDO affects IBM Integrated Analytics System (Sailfish) [CVE-2023-22809, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465]
Summary The SUDO package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs CVE-2023-22809, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465. Vulnerability Details CVEID:CVE-2023-22809 DESCRIPTION: In Sudo before 1.9.12p2, the sudoedit aka -e...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus is vulnerable to CVE-2025-4447
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update, plus CVE-2025-4447. For more information please refer to Oracle's April 2025 CPU Advisory and the CVE links referenced below...
Security Bulletin: IBM Controller has addressed a security vulnerability (CVE-2025-33079)
Summary IBM Controller has addressed a security vulnerability that could allow an authenticated user to obtain sensitive credentials. This Security Bulletin relates only to the direct usage of third-party components by IBM Controller and not any nested dependencies within the product. Vulnerabili...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2025-33104)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Apache POI (CVE-2025-31672)
Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Apache POI CVE-2025-31672. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify- http-proxy-middleware-2.0.6.tgz which is vulnerable to CVE-2024-21536.
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify- http-proxy-middleware-2.0.6.tgz which is vulnerable to CVE-2024-21536. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2024-21536 DESCRIPTION:...
Security Bulletin: Due to use of WebSphere Application Server traditional IBM Tivoli System Automation Application Manager is vulnerable to a server-side request forgery (SSRF) vulnerability (CVE-2025-27907)
Summary A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2025-27907). Vulnerability Details CVEID:CVE-2025-27907 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli System Automation Application Manager (CVE-2025-33104)
Summary A cross site scripting vulnerability affecting the WebSphere Application Server has been addressed in a security bulletin. Vulnerability Details CVEID:CVE-2025-33104 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows...
Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server Liberty affect IBM Operations Analytics - Log Analysis (CVE-2025-23184, CVE-2025-25193)
Summary Vulnerabilities in the Apache CXF and Netty libraries affect IBM WebSphere Application Server Liberty, which is shipped in IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of...
Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.
Summary TSSC/IMC addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2020-15778 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the remote function in scp.c. B...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-handler-4.1.100.Final.jar
Summary IBM Watson Discovery Cartridge contains a vulnerable version of netty-handler-4.1.100.Final.jar. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.7.9.tgz
Summary IBM Watson Discovery Cartridge contains a vulnerable version of axios-1.7.9.tgz. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios...
Security Bulletin: Vulnerability in FreeType affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2025-27363]
Summary The FreeType package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE, CVE-2025-27363. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions o...
Security Bulletin: IBM Security Guardium is affected by a Java Technology Edition Quarterly CPU - Apr 2024 vulnerabilities (CVE-2024-21094, CVE-2024-21085, CVE-2024-21011, CVE-2023-38264)
Summary IBM Security Guardium has addressed these vulnerabilities with updates. Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiality impact, low integrity impact, and n...
Security Bulletin: MANTA Automated Data Lineage is vulnerable to an authorization check bypass
Summary Next.js is used by MANTA Automated Data Lineage as part of the UI. CVE-2025-29927. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.295. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the packageindex module. By...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary WebSphere Application Server is included as part of IBM Tivoli Composite Application Manager for Application Diagnostics and is affected by a cross-site scripting vulnerability, CVE-2025-33104. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure messa...
Security Bulletin: IBM Aspera Faspex is affected by user input sanitization and HTML injection vulnerabilities
Summary IBM Aspera Faspex has addressed input sanitization and HTML injection vulnerabilities CVE-2025-33137, CVE-2025-33136, CVE-2025-33138. Vulnerability Details CVEID:CVE-2025-33137 DESCRIPTION: IBM Aspera Faspex 5 could allow an authenticated user to obtain sensitive information or perform...
Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-23184).
Summary There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM TXSeries for Multiplatforms (CVE-2025-23184). An update to IBM TXSeries for Multiplatforms has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2025-231...
Security Bulletin: Vulnerability in Flatpak affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary A potential vulnerability in Flatpak has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: Vulnerability in jsonpath-plus affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary A potential vulnerability in jsonpath-plus has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in Elliptic package 6.5.7 for Node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary A potential vulnerability in the Elliptic package 6.5.7 for Node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for addition...
Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2025-23184).
Summary There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Standard (CVE-2025-23184). An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A...
Security Bulletin: There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2025-23184).
Summary There is a Denial of Service vulnerability due to Apache CXF in IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2025-23184). An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products | Versions...
Security Bulletin: WebSphere Service Registry and Repository (WSSR) is affected by IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository, and it uses the IBM® Java SDK. Information about the IBM® Java SDK April 2025 CPU is available in a Security Bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM QRadar Network Packet Capture includes components with a known vulnerability (CVE-2024-52337)
Summary The product includes multiple vulnerable components, e.g., framework libraries, that could be identified and exploited with automated tools. IBM has addressed the relevant CVE. Vulnerability Details CVEID:CVE-2024-52337 DESCRIPTION: A log spoofing flaw was found in the Tuned package due to...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to Rack (CVE-2024-26141)
Summary Rack is used by IBM Cloud Pak for Data as part of the platform. CVE-2024-26141. Vulnerability Details CVEID:CVE-2024-26141 DESCRIPTION: Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Respondin...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat (CVE-2025-31650 & CVE-2025-31651)
Summary IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-31650 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HT...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary IBM Security QRadar EDR Software includes vulnerable components, e.g., framework libraries, that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer...
Security Bulletin: AIX/VIOS is vulnerable to a denial of service due to ISC BIND
Summary Vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service (CVE-2024-12705, CVE-2024-11187). AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2024-12705 DESCRIPTION: Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's C...
Security Bulletin: AIX/VIOS is affected by a denial of service (CVE-2024-8176) due to Python
Summary A vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-8176). Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack overflow vulnerability exists in the libexpat library due t...
Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities (CVE-2024-45641, CVE-2023-33861)
Summary IBM Security QRadar EDR Software is affected by multiple vulnerabilities that could allow a remote attacker to bypass security restrictions or spoof a trusted entity. These vulnerabilities have been addressed in the latest update. Vulnerability Details CVEID:CVE-2024-45641 DESCRIPTION: IB...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within the Instana Agent container image build 1.0.295. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space...
Security Bulletin: Vulnerability in [All] linux (Kernel) affects IBM Integrated Analytics System.
Summary The Red Hat-provided Linux kernel is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs: CVE-2023-52581, CVE-2023-52784, CVE-2023-52834, CVE-2023-52653, CVE-2023-52847, CVE-2023-52623, CVE-2023-52560, CVE-2023-52597, CVE-2023-52530,...
Security Bulletin: Vulnerability in [All] linux (Kernel) affects IBM Integrated Analytics System (Sailfish) [CVE-2024-47668].
Summary The Linux kernel package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE, CVE-2024-47668. Vulnerability Details CVEID:CVE-2024-47668 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a rare race in...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses h11, a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses h11, a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies. This bulletin contains information regarding the vulnerability...
Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System (Sailfish) [CVE-2023-51385, CVE-2023-48795, CVE-2023-38408, CVE-2020-15778, CVE-2021-41617].
Summary The OpenSSH package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs CVE-2023-51385, CVE-2023-48795, CVE-2023-38408, CVE-2020-15778, CVE-2021-41617. Vulnerability Details CVEID:CVE-2023-51385 DESCRIPTION: OpenSSH could allow a...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service [CVE-2025-47279]
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for HTTP communications. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to addres...
Security Bulletin: Vulnerability in Sudo affects IBM Integrated Analytics System (Sailfish) [CVE-2023-22809, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465].
Summary The Sudo package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs CVE-2023-22809, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465. Vulnerability Details CVEID:CVE-2023-22809 DESCRIPTION: In Sudo before 1.9.12p2, the sudoedit aka -...
Security Bulletin: IBM Event Streams is vulnerable to Remote Code Execution (RCE) attack due to the jsonpath-plus (CVE-2025-1302).
Summary IBM Event Streams is vulnerable to Remote Code Execution (RCE) due to the jsonpath-plus package, which is typically used for querying and extracting specific data from complex JSON documents, helping in parsing message payloads, filtering data within topics, and extracting specific fields f...