8 matches found
Security Bulletin: SOAR App Host is using a component with a known vulnerability (CVE-2026-1188)
Summary: IBM SOAR App Host uses an older version of the OMR component in OpenJ9 JVM that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 1.15.7.0. Vulnerability Details: CVEID: CVE-2026-1188 DESCRIPTIO...
CVE-2025-0556
In Progress® Telerik® Report Server, versions prior to 2025 Q1 11.0.25.211 when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local netwo...
PT-2025-6792 · Progress · Progress Telerik Report Server
Name of the Vulnerable Software and Affected Versions: Progress Telerik Report Server versions prior to 2025 Q1 11.0.25.211. Description: The issue concerns the communication of non-sensitive information between the service agent process and app host process in Progress Telerik Report Server...
Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities (CVE-2023-22081, CVE-2023-22067, CVE-2023-5676)
Summary: IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.0.2 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.1.1...
KodExplorer Cross-Site Scripting Vulnerability
KodExplorer is a web file manager by the individual developer warlee. A cross-site scripting vulnerability exists in KodExplorer version 4.51, which stems from the APPHOST parameter in config/i18n/en/main.php, which can be used to obtain sensitive information and elevate privileges...
Security Bulletin: IBM Security SOAR is using a component with multiple known vulnerabilities - IBM JDK 8.0.7.6
Summary: IBM® Security SOAR includes an older version of IBM JDK that may be identified and exploited. An update has been released which addresses these issues. The version of IBM JDK included in the latest version of SOAR App Host and IBM Security SOAR is 8.0.7.10. Vulnerability Details...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when creating HTTPS web requests while building X509 certificate chains. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...
Security Bulletin: Resilient App Host uses higher permissions than required for containers hosted on it.
Summary: Resilient App Host uses higher permissions than required for containers hosted on it, which may be exploited by a malicious application. Vulnerability Details: CVEID: CVE-2021-29802 DESCRIPTION: IBM Security SOAR performs an operation at a privilege level that is higher than the minimum lev...