Vulnerabilities in libxml2 (CVE-2026-0989 CVE-2026-0990 CVE-2026-0992) affect AIX

IBM SECURITY ADVISORY First Issued: Thu May 28 14:13:09 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2advisory11.asc Security Bulletin: Vulnerabilities in libxml2 CVE-2026-0989, CVE-2026-0990, CVE-2026-0992,...

Security Bulletin: Multiple vulnerabilities impact AIX due to OpenSSL

Summary Vulnerabilities in OpenSSL could send contents of an uninitialized memory buffer CVE-2026-31790, cause a use-after-free CVE-2026-28387, cause a NULL pointer dereference CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, or lead to a buffer overflow CVE-2026-31789. OpenSSL is used by AIX as...

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

EUVD-2018-12469

Malware in sbrugna...

SUSE CVE-2018-1890

IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms January 2019 CPU (CVE-2018-1890, CVE-2019-2426)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in January 2019. There are multiple vulnerabilities in IBM® SDK...

Security Bulletin: Java Vulnerability Affects IBM Connect:Direct Web Services (CVE-2018-1890)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by IBM Connect:Direct Web Services. These issues were disclosed as part of the IBM Java SDK updates in March 2019 Vulnerability Details CVE-ID: CVE-2018-1890 Description:On the AIX...

IBM Java 8.0 < 8.0.5.30

The version of IBM Java installed on the remote host is prior to 8.0 8.0.5.30. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update March 2019 advisory. - IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate cod...

IBM Java 7.0 < 7.0.10.50 / 7.1 < 7.1.4.50 / 8.0 < 8.0.5.40 Multiple Vulnerabilities

The version of IBM Java installed on the remote host is prior to 7.0 7.0.10.50 / 7.1 7.1.4.50 / 8.0 8.0.5.40. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Update July 2019 advisory. - Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on...

Security Bulletin: IBM Data Replication Affected by Multiple Vulnerabilities in IBM Java SDK

Summary This bulletin covers common Java SDK vulnerability findings in the IBM Java SDK packaged with this offering. Vulnerability Details CVEID: CVE-2019-11771 DESCRIPTION: Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the inclusion of unused...

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect Connect:Direct Web Service

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0.6.5, used by Connect : Direct web service. Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-11771 DESCRIPTION: Eclipse OpenJ9 could allow a local attacker ...

Multiple vulnerabilities fixed in IBM Java SDK for AIX

Several vulnerabilities in IBM SDK Java Technology Edition have been fixed that are used by AIX. The vulnerabilities can lead to attacks with the following categories of damage: Denial-of-Service DoS. Access to sensitive data Increased user privileges IBM has released updates to fix the...

Security Bulletin: Multiple Java Vulnerabilities Impact IBM Control Center (CVE-2018-3180, CVE-2018-1890)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 8 that is used by IBM Control Center. This issue was disclosed as part of the IBM Java SDK updates in October 2018 and January 2019. Vulnerability Details CVEID: CVE-2018-3180 DESCRIPTION: An...

Security Bulletin: Java Vulnerability Impacts IBM Control Center (CVE-2019-4473 and CVE-2019-11771)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 8 that is used by IBM Control Center. This issue was disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability Details CVEID: CVE-2019-4473 DESCRIPTION: Multiple binaries in IBM SD...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SPSS Modeler (CVE-2019-4473,CVE-2019-11771)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version JRE7SR10FP10, JRE8SR4FP10 and JRE8SR5FP25 used by IBM SPSS Modeler on AIX 64-bit pSeries platform. These issues were disclosed as part of the IBM Java SDK updates in July 2019. Vulnerability Details If you run yo...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Rational ClearCase on the AIX platform. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details If you run your own Java code using the IBM Java Runtime delivered with...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker V8.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7.0.10.45 used by WebSphere Message Brokerr V8. These issues were disclosed as part of the IBM Java SDK updates in July 2019 Vulnerability Details CVEID: CVE-2019-2816 DESCRIPTION: An unspecified vulnerabili...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.5.37 & Versions 7.0.10.45 used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in July 2019 Vulnerability Details CVEID:...

Security Bulletin: Multiple Vulnerabilities in IBM java Runtime Affect IBM Sterling External Authentication Server

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 1.8 used by IBM Sterling External Authentication Server. These issues were disclosed as part of the IBM Java SDK updates in January 2019. Vulnerability Details CVEID: CVE-2018-12547 DESCRIPTION: Eclipse OpenJ9 is...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6, 8 used by IBM Tivoli Business Service Manager. IBM Tivoli Business Service Manager has addressed the applicable CVEs. These issues were also addressed by IBM WebSphere Application Server shipped with IBM...