
53 matches found

IBM Security Bulletins
added 2026/05/19 2:17 p.m., 4 views

Security Bulletin: IBM WebSphere Automation is vulnerable to CVE-2026-35554 which affects the Kafka client library

Summary: IBM WebSphere Automation is vulnerable to CVE-2026-35554, which causes a race condition in the Apache Kafka Java producer client's buffer pool management which can cause messages to be silently delivered to incorrect topics. Vulnerability Details: CVEID: CVE-2026-35554 DESCRIPTION: A race...

CVSS 8.7, AI score 6, EPSS 0.00025
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/03/27 5:49 p.m., 6 views

Security Bulletin: IBM WebSphere Automation is vulnerable to multiple security vulnerabilities

Summary: Multiple security vulnerabilities were identified in the Open Liberty baseimage which is shipped with IBM WebSphere Automation. Vulnerability Details: CVEID: CVE-2015-20107 DESCRIPTION: In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands...

CVSS 9.8, AI score 7.6, EPSS 0.02456
Exploits: 6, Affected Software: 1

IBM Security Bulletins
added 2026/01/15 7:48 p.m., 9 views

Security Bulletin: IBM WebSphere Automation is affected by MongoDB security vulnerability

Summary: IBM WebSphere Automation is affected by a MongoDB security vulnerability CVE-2025-14847. Vulnerability Details: CVEID: CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This...

CVSS 8.7, AI score 7, EPSS 0.62808
Exploits: 38, Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-25861

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.1, EPSS 0.00109
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-46871

Malicious code in bioql PyPI...

CVSS 5.7, AI score 5.7, EPSS 0.00109
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-52327

Malicious code in bioql PyPI...

CVSS 7.2, AI score 7, EPSS 0.00392
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-25850

Malicious code in bioql PyPI...

CVSS 7.8, AI score 6.6, EPSS 0.00069
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-27639

Malicious code in bioql PyPI...

CVSS 8.8, AI score 5, EPSS 0.00111
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-46870

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00088
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 7:46 a.m., 3 views

CVE-2024-28764

IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623...

CVSS 7.8, AI score 7.5, EPSS 0.00069
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:58 a.m., 4 views

CVE-2022-43901

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID:...

CVSS 5.7, AI score 6, EPSS 0.00109
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:57 a.m., 4 views

CVE-2022-43900

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827...

CVSS 6.5, AI score 6.2, EPSS 0.00088
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/04/30 1:12 p.m., 14 views

Security Bulletin: IBM WebSphere Automation is vulnerable to an arbitrary code execution (CVE-2025-27363).

Summary: IBM WebSphere Automation is vulnerable to an arbitrary code execution. Vulnerability Details: CVEID: CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structure...

CVSS 8.1, AI score 8.3, EPSS 0.70761
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/04/15 3:27 a.m., 16 views

Security Bulletin: IBM WebSphere Automation is vulnerable to an unauthorized code or commands execution weakness (CVE-2024-54181)

Summary: IBM WebSphere Automation is vulnerable to an unauthorized code or commands execution weakness. Vulnerability Details: CVEID: CVE-2024-54181 DESCRIPTION: IBM WebSphere Automation could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Usi...

CVSS 7.2, AI score 7.5, EPSS 0.00392
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2025/03/26 2:43 a.m., 47 views

Security Bulletin: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps is vulnerable to information disclosure and weaker security (CVE-2022-43901, CVE-2022-43900)

Summary: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could disclose sensitive information and contain weaker than expected security. This has been addressed. Vulnerability Details: CVEID: CVE-2022-43901 DESCRIPTION: IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps could...

CVSS 6.5, AI score 6, EPSS 0.00109
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/02/05 4:14 a.m., 1 view

CVE-2024-54181

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

CVSS 7.2, AI score 7.8, EPSS 0.00392
Exploits: 0, References: 1

CNVD
added 2025/01/03 12:0 a.m., 7 views

IBM WebSphere Automation Command Injection Vulnerability

IBM WebSphere Automation is an automation management software from IBM for optimizing and managing data center resources. A security vulnerability exists in IBM WebSphere Automation version 1.7.5. A remote attacker could exploit the vulnerability to execute arbitrary code on the system...

CVSS 7.2, AI score 7.7, EPSS 0.00392
Exploits: 0, References: 1

OSV
added 2024/12/30 2:15 p.m., 1 view

CVE-2024-54181

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

CVSS 7.2, AI score 6.2
Exploits: 0, References: 1

NVD
added 2024/12/30 2:15 p.m., 17 views

CVE-2024-54181

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

CVSS 7.2, EPSS 0.00392
Exploits: 0, References: 1

Vulnrichment
added 2024/12/30 1:41 p.m., 5 views

CVE-2024-54181 IBM WebSphere Automation command injection

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

CVSS 7.2, AI score 7.7, EPSS 0.00392
Exploits: 0, References: 1