1896 matches found
Security Bulletin: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server is affected by a cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2025-33104 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W...
IBM DB2 DoS (7232336) (Windows)
According to its self-reported version number, IBM Db2 on Windows may be affected by a vulnerability: - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...
IBM DB2 DoS (7232336) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. CVE-2024-52903...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jitmodulefromflatbuffer.This bulletin contains information regarding the vulnerability and its fixture...
IBM DB2 DoS (7232518) (Windows)
According to its self-reported version number, IBM Db2 on Windows may be affected by a vulnerability: - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. CVE-2025-1493 Not...
IBM DB2 DoS (7232518) (Unix)
According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. CVE-2025-1493 Note...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability (CVE-2025-27907)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Product...
Security Bulletin: IBM® Db2® could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. (CVE-2021-29825)
Summary IBM® Db2® could disclose sensitive information when using ADMINCMD with LOAD or BACKUP. Note: In addition to applying Special Build, registry variable DB2LOADRESTRICTEDIOPATH needs to be set to USEEXTBLLOCATION 11.1 or later, or one or more semi-colon separated paths. When using...
Security Bulletin: Stored Cross-Site Scripting in Tivoli Application Dependency Discovery Manager (CVE-2020-4339)
Summary Stored Cross Site Scripting vulnerabilities have been found during the test on TADDM. It is mostly exploited in order to hijack authenticated users sessions. The issue results from lack of proper input verification and lack of proper output encoding. A stored XSS takes place when any user...
Security Bulletin: Denial of Service in Logback used by Apache Zookeeper affect IBM Operations Analytics - Log Analysis (CVE-2023-6481)
Summary There is a potential denial of service in Logback that is used by Apache Zookeeper. This is caused by serialization vulnerability in Logback. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in...
Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-47561,CVE-2023-39410)
Summary There are deserialization of untrusted data and input validation vulnerabilities in Logstash that affect IBM Operations Analytics - Log Analysis. These have been addressed Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to...
Security Bulletin: IBM WebSphere Application Server is vulnerable to server-side request forgery (CVE-2025-27907)
Summary IBM WebSphere Application Server is vulnerable to server-side request forgery. Vulnerability Details CVEID:CVE-2025-27907 DESCRIPTION: IBM WebSphere Application Server is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests...
Security Bulletin: IBM Maximo Asset Management application is vulnerable to allow a remote attacker to traverse directories on the system. (CVE-2024-45652)
Summary IBM Maximo MXAPIASSET API could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. Vulnerability Details CVEID:CVE-2024-45652 DESCRIPTION: IBM Maxi...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to security annotations on parameterized types or methods. This may cause an authorization bypass. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to An unsafe reading of environment file could potentially cause a denial of service in Netty.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to An unsafe reading of environment file could potentially cause a denial of service in Netty . This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to BCryptPasswordEncoder will incorrectly return true for passwords larger than 72 characters. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Broker Component vulnerable to PyTorch to execute arbitrary code on the system.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Broker Component may be vulnerable to PyTorch arbitrary code execution of Python code through the use of torch. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-48063...
Security Bulletin: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection (CVE-2022-35281)
Summary IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are vulnerable to CSV injection. Vulnerability Details CVEID:CVE-2022-35281 DESCRIPTION: IBM Maximo Asset Management and the IBM Maximo Manage application in IBM Maximo Application Suite are...
Security Bulletin: A vulnerability exists in Google Web Toolkit (GWT) framework used by ITNM (CVE-2007-2378)
Summary Vulnerability CVE-2007-2378 found in gwt-maps that is present in IBM Tivoli Network Manager ITNM IP Edition. The fix contains the removal of this library from ITNM Vulnerability Details CVEID:CVE-2007-2378 DESCRIPTION: The Google Web Toolkit GWT framework exchanges data using JavaScript...
Security Bulletin: Multiple Vulnerabilities Affect IBM Financial Transaction Manager for SWIFT Services (CVE-2022-4387, CVE-2022-43875)
Summary Multiple vulnerabilities affect IBM Financial Transaction Manager for SWIFT Services. These are addressed. Vulnerability Details CVEID:CVE-2022-43872 DESCRIPTION: IBM Financial Transaction Manager authorization checks are done incorrectly for some HTTP requests which allows getting...