Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-boot (CVE-2026-40973, CVE-2026-40975, CVE-2026-40977)

Summary IBM Sterling Control Center is affected by vulnerabilities CVE-2026-40973, CVE-2026-40975, CVE-2026-40977 reported for spring-boot-3.4.11.jar. Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take control of the...

CVE-2026-40975

Values produced by $random.value are not suitable for use as secrets. $random.uuid is not affected. $random.int and $random.long should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15...

CVE-2026-5088

Apache::API::Password versions through 0.5.2 for Perl can generate insecure random values for salts. The makesalt and makesaltbcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate random bytes for the salt. If those modules are unavailable, it will simply...

Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Standard Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-36187 DESCRIPTION: IBM...

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to Cryptographic Weakness in IBM Liberty Server ( CVE-2020-36732)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cryptographic weakness vulnerability Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an intege...

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of Insufficiently Random Values vulnerability (CVE-2025-7783)

Summary There is 1 vulnerability in form-data-2.3.3.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-7783. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...

Security Bulletin: IBM Automation Decision Services for Jan 2026- Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-7783...

CVE-2026-2966

Cesanta Mongoose

ROS-20260129-73-0049

Vulnerability in nextcloud-app-calendar related to the use of insufficiently randomized values. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

CVE-2025-9290

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

Security Bulletin: A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation for Cloud Pak (CVE-2020-36732).

Summary A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation for Cloud Pak. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin identifies the fixes required to address this...

MiracleLinux 8 : nodejs:18 (AXSA:2025-9678:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9678:01 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable h...

MiracleLinux 8 : nodejs:22 (AXSA:2025-9681:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9681:01 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083 nodejs...

MiracleLinux 9 : nodejs:20 (AXSA:2025-9682:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9682:01 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083 nodejs...

MiracleLinux 9 : nodejs:22 (AXSA:2025-9686:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9686:01 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083 nodejs...

CVE-2022-26080

Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus System Controller NE843S, ABB Infinity DC Power Plant.This issue affects Pulsar Plus System Controller NE843S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C2 G4612 – comcode 150047415...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.2.2 Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732. This bulletin contains information addressing the vulnerability. Vulnerability Details...

Amazon Linux 2023 : amd-ucode-firmware, iwl100-firmware, iwl105-firmware (ALAS2023-2025-1307)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1307 advisory. Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. CVE-2025-54514 Improper...