Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service due to jose4j (CVE-2024-29371)

Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting...

Security Bulletin: IBM OpenPages mitigates Host header injection vulnerability (CVE-2025-36223)

Summary A vulnerability in IBM OpenPages could allow an attacker to manipulate the Host header in a request, potentially influencing the response data. In certain redirection scenarios, user navigation could be influenced in unintended ways, potentially leading to exposure to untrusted...

Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Encoding or Escaping of Output due to xmldom ( CVE-2021-32796 )

Summary IBM App Connect Enterprise is vulnerable to Improper Encoding or Escaping of Output due to xmldom. Vulnerability Details CVEID:CVE-2021-32796 DESCRIPTION: xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions...

Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability

Summary Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability [CVE-2025-26791]

Summary IBM Security SOAR uses an older version of DOMpurify that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to the latest applicable fix pack 51.0.5.1 . Vulnerability Details CVEID:CVE-2025-26791...

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase. CVE-2023-6237, CVE-2023-6129, CVE-2023-5678, CVE-2024-0727 Vulnerability Details CVEID:CVE-2023-6237 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in...

Security Bulletin: Order Management is subject to vulnerabilities regarding XML service where a remote attacker could exploit this vulnerability.

Summary Order Management removed parts of legacy code that carried vulnerabilites. The code did contain CVE-2009-2625, CVE-2013-4002, CVE-2012-0881, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin identifies the steps to take to...

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.

Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM Rational ClearCase. CVE-2023-28322, CVE-2023-28320, CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-28322 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caus...

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. (CVE-2023-26022)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash when an Out of Memory occurs. Vulnerability Details CVEID:CVE-2023-26022 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash when an...

Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager (CVE-2023-25921, CVE-2023-25926, CVE-2023-25685, CVE-2023-25922, CVE-2023-25925)

Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilties have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2 and v4.1.1.7. Please upgrade to GKLM v4.2 or apply the latest fix packs 4.1.1 FP 7 for the fixes...

Vulnerabilities fixed in IBM DB2

IBM has fixed vulnerabilities in DB2. A malicious person could exploit the vulnerabilities to cause a denial-of-service, or to gain access to sensitive data. IBM has released updates to fix the vulnerabilities in DB2 10.5, 11.1 and 11.5. For more information and the related FixPacks, see:...

Security Bulletin: Vulnerabilities in Apache Log4j impact IBM Cloud Application Business Insights (CVE-2021-45105, CVE-2021-45046)

Summary IBM Cloud Application Business Insights ICABI is vulnerable to denial of service due to Apache Log4j CVE-2021-45105 and arbitrary code execution due to Apache Log4j CVE-2021-45046 Vulnerability Details CVEID:CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

Security Bulletin: Vulnerability (CVE-2021-41041) in Eclipse Openj9 affects CICS Transaction Gateway Desktop Edition

Summary Eclipse Openj9 is used by CICS Transaction Gateway Desktop Edition. The fix removes vulnerability CVE-2021-41041 that could allow a remote attacker to bypass security restrictions. Vulnerability Details CVEID:CVE-2021-41041 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypa...

Security Bulletin: Potential security vulnerability in WebSphere Application Server CVE-2013-1768 PM86780

Abstract Potential security vulnerability in WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID:CVE-2013-1768 PM86780, PM86786, PM86788 and PM86791 DESCRIPTION: Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file syste...

Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067)

Abstract Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server CVE-2013-4066 and CVE-2013-4067 Content Security vulnerabilities exist in various versions of IBM Information Server or constituent products. See the individual descriptions for details...

Security Bulletin: WebSphere Application Server Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)

Abstract Java API Documentation contains a frame injection vulnerability. Content VULNERABILITY DETAILS: CVEID: CVE-2013-1571 DESCRIPTION: HTML documentation generated by the Javadoc tool contains a security vulnerability. The vulnerability allows an attacker to craft a malicious link to the...

Security Bulletin: Potential security exposure when using InfoSphere BigInsights due to vulnerability in Jetty

Abstract IBM InfoSphere BigInsights makes use of Jetty. A vulnerability in Jetty allows remote attackers to cause a denial of service. Content VULNERABILITY DETAILS: CVE-2011-4461 DESCRIPTION: A vulnerability in Jetty allows remote attackers to cause a denial of service CPU consumption by sending...

Security Bulletin: IBM FileNet Business Process Manager – XML 4J denial of service attack (CVE-2013-4002)

Abstract The XML4J parser that is shipped with the IBM FileNet Business Process Manager is vulnerable to a denial of service attack, which is triggered by malformed XML data. Content The products that are listed below can be affected by security vulnerabilities reported to the Apache Xerces-J...

Security Bulletin: IBM FileNet Business Process Manager – Oracle Critical Patch Updates April 2013 (CVE-2013-0169)

Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FileNet Business Process Manager. Content The products that are listed below can be affected by security vulnerabilities as reported by Oracle April 2013 Critical Patch updates: · IBM FileNet Busine...