1615 matches found
CVE-2026-4051
CVE-2026-4051 concerns IBM Engineering Lifecycle Management - Jazz Foundation. Affected products/versions: 7.0.3 (through iFix021), 7.1.0 (through iFix009), 7.2.0 (through iFix001). Root cause: an exposed method that is not properly restricted, enabling a user with administrative privileges to pe...
CVE-2025-36221
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...
CVE-2025-36220
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
EUVD-2025-209932
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...
CVE-2025-36221
Summary: CVE-2025-36221 affects IBM Cloud Pak for Data System – Cyclops 11.3.0.2 with Interim Fix 002. The root cause is the use of default passwords from the manufacturing process during installation, which could allow an attacker to bypass authentication. Impact (as documented): Authentication ...
CVE-2025-36221 Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication...
EUVD-2025-209931
IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...
IBM Cloud Pak for Data System 安全漏洞
IBM Cloud Pak for Data System is an enterprise data and AI integration platform provided by IBM. The version 11.3.0.2 of IBM Cloud Pak for Data System, as well as the Interim Fix 002, contain security vulnerabilities. These vulnerabilities stem from the use of default passwords during the...
IBM Cloud Pak for Data System SQL注入漏洞
IBM Cloud Pak for Data System is an enterprise data and AI integration platform provided by IBM. Version 11.3.0.2 of IBM Cloud Pak for Data System, as well as the Interim Fix 002, contain a SQL injection vulnerability. This vulnerability allows for SQL injection attacks, potentially enabling remo...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: A missing return value check bug has been fixed. In the smb2sendinterimresp function, if ksmbdallocworkstruct fails to allocate a node, it returns a NULL pointer to the inwork pointer. This can lead to an illegal memory...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an identity spoofing vulnerability (CVE-2026-3621)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an identity spoofing vulnerability when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the serve...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by identity spoofing (CVE-2026-3621)
Summary IBM WebSphere Application Server Liberty is affected by identity spoofing when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the server. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION: IBM WebSphere...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for January 2026
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 IF001 Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM Engineering Test Management are affected by cross-site scripting (CVE-2025-12635)
Summary IBM WebSphere Application Server is affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. Following IBM® Engineering Lifecycle Management...
Security Bulletin: IBM Engineering Lifecycle Management products using IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting (CVE-2025-12635)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled, due to improper validation of user-supplied input. An attacker could...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)
Summary IBM WebSphere Application Server Liberty with versions ranging 17.0.0.3 - 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it ha...
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java technology affect IBM Tivoli Composite Application Manager for Transactions (Response Time)
Summary IBM SDK, Java Technology Edition is used by IBM Tivoli Composite Application Manager for Transactions Response Time Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability (CVE-2025-14915)
Summary IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details CVEID:CVE-2025-14915 DESCRIPTION: IBM WebSphere Application Server Liberty is affected by privilege escalatio...
Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917)
Summary IBM WebSphere Application Server Liberty could provide weaker than expected security administering security settings when the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature is enabled. Vulnerability Details CVEID:CVE-2025-14917 DESCRIPTION: I...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by server-side request forgery (CVE-2026-1561)
Summary IBM WebSphere Application Server Liberty is affected by server-side request forgery with the samlWeb-2.0 feature enabled. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remot...