85359 matches found
Security Bulletin: Due to use of IBM Tivoli Monitoring , IBM Cloud Pak System is affected by multiple vulnerabilities.
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-38473 DESCRIPTION: Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System version 2.3.6.1 and IBM Cloud Pak System version 2.3.5.1. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for...
PT-2026-55583
Name of the Vulnerable Software and Affected Versions IBM i versions 7.3 through 7.6 Description A remote attacker can send a specifically crafted message to downgrade the Transport Layer Security TLS protocol to a version that has been disabled in the server configuration. This issue involves th...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in golang.org/x/net
Summary Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in golang.org/x/net. CVE-2026-33814 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loo...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in net
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in net. CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-39821, CVE-2026-42502, CVE-2026-42506 The vulnerabilities have been addressed. Vulnerability Details...
CVE-2026-11712
creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:22+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 08:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpq3olhqew23 2026-07-03 10:07:39+00:00| seen|...
CVE-2026-11708
creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:19+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 07:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mppzywkxsk2r 2026-07-03 10:11:27+00:00| seen|...
CVE-2026-11546
creationtimestamp| type| source ---|---|--- 2026-07-02 08:28:02+00:00| seen| https://www.hkcert.org/security-bulletin/ibm-websphere-products-multiple-vulnerabilities20260702 2026-07-03 10:11:01+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqcm5w3m52i...
Security Bulletin: IBM MQ for HPE NonStop is vulnerable to an issue in zlib (CVE-2026-27171)
Summary IBM MQ for HPE NonStop is vulnerable to an issue in versions of zlib, due to excessive CPU consumption when inputs are not properly validated. Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because...
USN-8488-1 linux, linux-aws, linux-gcp, linux-ibm, linux-oracle, linux-realtime vulnerabilities
It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information. CVE-2025-54505 Several security issues were discovered in the Linux kernel. An attacker could...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-40895)
Summary IBM Security SOAR uses an older version of the follow-redirects component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.1 Vulnerability Details CVEID:CVE-2026-40895...
IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 / Liberty 17.0.0.3 < 26.0.0.8 (7278576)
The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7278576 advisory. - There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead ...
CVE-2025-36359
IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system...
CVE-2025-36333
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow...
CVE-2025-36321
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-12530
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2026-11541 IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability...
EUVD-2025-210384
IBM watsonx.data intelligence 5.2.2, 5.3.0, 5.3.1, 5.3.1 through patch-1 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...
CVE-2025-36319
CVE-2025-36319 affects IBM watsonx.data intelligence versions 5.2.0, 5.2.1, 5.2.2, and 5.3.0. The issue allows an authenticated user to trigger a temporary denial of service via a specially crafted HTTP request caused by improper allocation of resource throttling. The connected data sources do no...
EUVD-2025-210382
IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...