
1997 matches found

IBM Security Bulletins
added 2026/03/27 12:55 a.m. | 10 views

Security Bulletin: IBM Storage Protect Server is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS due to IBM SDK, Java (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)

Summary IBM SDK, Java is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS, IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE,...

CVSS 8.1 | AI score 6.7 | EPSS 0.02123
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/03/04 9:14 p.m. | 35 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a partial denial of service and a JNI function returning incorrect value length due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to an unauthenticated attacker performing a partial denial of service (partial DoS; CVE-2024-21208, CVE-2024-21217) and JNI function GetStringUTFLength returning incorrect value length when...

CVSS 5.3 | AI score 6.8 | EPSS 0.00303
Exploits: 0 | Affected Software: 4

IBM Security Bulletins
added 2026/02/26 12:36 a.m. | 11 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

Summary There are multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows. All platforms are affected, and all previous versions may also be affected. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: In Eclipse OpenJ9 release versions prior to 0.44...

CVSS 9.8 | AI score 7.6 | EPSS 0.00435
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/24 5:25 p.m. | 10 views

Security Bulletin: IBM Installation Manager is affected by a vulnerability in the IBM SDK Java Technology Edition.

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition Versions 8 used by IBM Installation Manager and IBM Packaging Utility. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/02/24 12:46 p.m. | 21 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM Java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows a remote attacker to cause a han...

CVSS 7.5 | AI score 5.7 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

CVE
added 2026/02/17 7:50 p.m. | 9 views

CVE-2025-27899

CVE-2025-27899 is an IBM Db2 Recovery Expert for Linux, UNIX and Windows vulnerability where sensitive information is disclosed in an environment variable. The IBM security bulletin in connected documents confirms the affected product as DB2 Recovery Expert for LUW and states the issue arises fro...

CVSS 5.3 | AI score 5.4 | EPSS 0.00039
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/17 7:50 p.m. | 23 views

CVE-2025-27899 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...

CVSS 5.3 | EPSS 0.00039
Exploits: 0 | References: 1

CVE
added 2026/02/17 7:35 p.m. | 6 views

CVE-2025-27901

IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection (improper validation of HOST headers). Exploitation could enable cross-site scripting, cache poisoning, or session hijacking. Affected product/version: DB2 Recovery Expert for LUW 5.5 IF 2. Remediation: upg...

CVSS 6.5 | AI score 5.4 | EPSS 0.00052
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/02/17 7:32 p.m. | 23 views

CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...

CVSS 5.9 | EPSS 0.00016
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/17 7:32 p.m. | 3 views

CVE-2025-27903 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques...

CVSS 5.9 | AI score 5.5 | EPSS 0.00016
Exploits: 0 | References: 1

Cvelist
added 2026/02/17 7:30 p.m. | 23 views

CVE-2025-27904 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVSS 6.5 | EPSS 0.00019
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/17 7:30 p.m. | 2 views

CVE-2025-27904 Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVSS 6.5 | AI score 5.4 | EPSS 0.00019
Exploits: 0 | References: 1

CVE
added 2026/02/17 7:30 p.m. | 8 views

CVE-2025-27904

CVE-2025-27904 is a CSRF vulnerability in IBM Db2 Recovery Expert for LUW. Affected product: DB2 Recovery Expert for Linux, UNIX and Windows (5.5 IF 2). Description confirms that an attacker could trigger malicious actions transmitted from a trusted user session due to cross-site request forgery....

CVSS 6.5 | AI score 5.5 | EPSS 0.00019
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/02/13 12:16 p.m. | 3 views

CVE-2025-33042

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

CVSS 7.3 | AI score 5.5
Exploits: 0 | References: 2

OSV
added 2026/02/13 12:16 p.m. | 4 views

PYSEC-2026-26

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

CVSS 7.3 | AI score 7.2 | EPSS 0.00057
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/13 11:47 a.m. | 3 views

CVE-2025-33042

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

AI score 5.5 | EPSS 0.00057
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/02/13 11:47 a.m. | 4 views

EUVD-2025-206910

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

CVSS 7.3 | AI score 5.5 | EPSS 0.00057
Exploits: 0 | References: 1

CVE
added 2026/02/13 11:47 a.m. | 21 views

CVE-2025-33042

CVE-2025-33042 : Improper control of generation of code (Code Injection) in the Apache Avro Java SDK. Affects all versions up to 1.11.4 and 1.12.0; upgrading to 1.12.1 or 1.11.5 fixes the issue. CVSS v3.1 base score 7.3 (HIGH). Connected IBM advisories confirm the same vulnerability and the recom...

CVSS 7.3 | AI score 5.5 | EPSS 0.00057
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/02/13 12:0 a.m. | 5 views

PT-2026-7986

Name of the Vulnerable Software and Affected Versions Apache Avro Java SDK versions through 1.11.4 and version 1.12.0 Description An Improper Control of Generation of Code 'Code Injection' issue exists in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. The flaw...

CVSS 7.3 | AI score 5.8 | EPSS 0.00057
Exploits: 0 | References: 23

IBM Security Bulletins
added 2026/02/11 10:28 a.m. | 11 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM shipped with IBM Business Automation Workflow (January 2026 CPU and CVE-2026-1188)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server in IBM Business Automation Workflow traditional. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

CVSS 9.8 | AI score 5.5 | EPSS 0.00025
Exploits: 0 | Affected Software: 2