Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli MonitoringITM patternType itm pType, and IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities we...

Security Bulletin: Due to use of Nodejs Express.js, multiple vulnerabilities affect IBM Cloud Pak System[CVE-2024-43796, CVE-2024-43799, CVE-2024-43800]

Summary Multiple vulnerabilities in Send cross-site scripting XSS within the SendStream.redirect, serve-static built-in and response.redirect found in Node.js Express.js which is used by IBM Cloud Pak System. Vulnerabilities were addressed by IBM Cloud Pak System. Vulnerability Details...

Security Bulletin: IBM Cloud Pak System is vulnerable to an Improper Access Control due to use of Apache Commons BeanUtils [CVE-2025-48734]

Summary Due to use of Apache Commons BeanUtils IBM Cloud Pak System is vulnerable to an Improper Access Control. IBM Cloud Pak System addressed vulnerability. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospecto...

Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...

Security Bulletin: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System

Summary Multiple vulnerabilities in Open Source affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System version 2.3.6.1 and IBM Cloud Pak System version 2.3.5.1. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for...

Security Bulletin: Due to use of IBM Tivoli Monitoring , IBM Cloud Pak System is affected by multiple vulnerabilities.

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-39573 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by a flaw in the modrewrite. By sending a specially crafted request, an attacker could exploit...

Security Bulletin: IBM Cloud Pak System is vulnerable to HTML injection[CVE-2023-38007].

Summary IBM Cloud Pak System is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Vulnerability was addressed in IBM Cloud Pak System. Vulnerability...

Security Bulletin: IBM Java Buffer overflow vulnerability affects IBM Cloud Pak System[CVE-2026-1188]

Summary IBM Java Buffer overflow vulnerability in Eclipse OMR port library affects IBM Cloud Pak System. Vulnerability was addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an AP...

Security Bulletin: Multiple Vulnerabilities identified in IBM Cloud Pak System

Summary Vulnerabilities identified in Cloud Pak System. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-38716 DESCRIPTION: IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, and 2.3.4.0 could disclose sensitive information about the...

Security Bulletin: : Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in dependencies

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in dependencies CVE-2026-33532, CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, CVE-2026-44431, CVE-2026-44432, CVE-2026-6321, CVE-2025-13465, CVE-2026-2950. The...

CVE-2025-36221

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Axios

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Axios. CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042,...

CVE-2025-36221

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

CVE-2025-36221 Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2022-3219 DESCRIPTION: GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached,...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Axios. CVE-2026-40175 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Lodash

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Lodash. CVE-2026-2950, CVE-2026-4800 The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-2950 DESCRIPTION: Impact: Lodash versions 4.17.23 and...

Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in undici CVE-2026-1525, CVE-2026-1526, CVE-2026-1527, CVE-2026-1528, CVE-2026-2229, CVE-2026-2581. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION:...