Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass
Summary Authentication bypass vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2026-3660 DESCRIPTION: IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test management is impacted by vulnerabilities in Eclipse Paho Java client library
Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Engineering Test management Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons FileUpload
Summary A vulnerability has been identified in Apache Commons FileUpload, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-29371, CVE-2025-14923)
Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-29371, CVE-2025-14923. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can...
Security Bulletin: A vulnerability in Apache Commons Lang may affect IBM Jazz Reporting Service (CVE-2025-48924)
Summary Apache Commons Lang is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lan...
Security Bulletin: A vulnerability in Apache Commons FileUpload may affect IBM Jazz Reporting Service (CVE-2025-48976)
Summary Apache Commons FileUpload is used by IBM Jazz Reporting Service. IBM Jazz Reporting Service has addressed the applicable CVE CVE-2025-48976. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Lodash (CVE-2025-13465)
Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Lodash CVE-2025-13465. As documented in the remediation section, the vulnerability has been mitigated through removal of the vulnerable Lodash library and application of the recommended remediation measures...
Security Bulletin: IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika (CVE-2025-54988)
Summary IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika CVE-2025-54988. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to Deserialization of Untrusted Data due to Apache Commons Collections (CVE-2015-6420)
Summary Apache Commons Collections is shipped with IBM Tivoli Business Service Manager as part of its backend process to enhance Java operations. Information about a security vulnerability affecting Apache Commons Collections has been published in a security bulletin. Vulnerability Details...
CVE-2019-18243
HMI/SCADA iFIX Versions 6.1 and prior allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation...
CVE-2019-18255
HMI/SCADA iFIX Versions 6.1 and prior allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation...
Security Bulletin: IBM SPSS Analytic Server is affected by weaker than expected security due to crypto.js in IBM WebSphere Application Server Liberty (CVE-2020-36732)
Summary IBM SPSS Analytic Server is affected by weaker than expected security due to crypto.js in IBM WebSphere Application Server Liberty. CVE-2020-36732. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2....
Security Bulletin: IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang (CVE-2025-48924).
Summary IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang CVE-2025-48924. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache...
Security Bulletin: IBM SPSS Analytic Server is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty (CVE-2025-7962)
Summary IBM SPSS Analytic Server is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty CVE-2025-7962. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to perform ...
Security Bulletin: Due to use of Apache Jena SDB, IBM Jazz Reporting Service is affected by a JDBC Deserialisation attack.
Summary Apache Jena SDB is used internally by IBM Jazz Reporting Service CVE-2022-45136. Vulnerability Details CVEID:CVE-2022-45136 DESCRIPTION: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the...
CVE-2025-36137 IBM Sterling Connect:Direct for UNIX command execution
IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director CCD users that could allow a privileged user to escalate their privileges...
Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by stored Cross-Site Scripting
Summary A vulnerability has been addressed by IBM Engineering Lifecycle Management - Jazz Foundation, related to stored Cross-Site Scripting. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2025-1826 DESCRIPTION: IBM Engineerin...
EUVD-2009-0225
Malware in sbrugna...
EUVD-2019-8053
Malware in sbrugna...
EUVD-2019-8041
Malware in sbrugna...