73 matches found
Security Bulletin: Updating Java in Identity Insight 10.0.0.0 for security update
Summary Identity Insight customers are advised to update OpenJDK 17 to version 17.0.19. for the security update in Java. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM InfoSphere...
Malicious Package
Overview usaa-authentication-mocks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Security Bulletin: IBM Copy Services Manager may be affected by a vulnerabilities due to default security configuration allowing cross site scripting
Summary A vulnerability has been found that allows cross site scripting once a user has been authenticated or unauthenticated into the server. Although likelihood of this issue being exploited is very low, IBM Copy Services Manager frequently updates configuration files in the product dependency...
Malicious Package
Overview airbnb-base-typescript-prettier is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression DoS and command injection due to the python package (CVE-2024-6232, CVE-2024-9287)
Summary Python is used by DataStage on Cloud Pak for Data as part of data processing functionality. Vulnerability Details CVEID:CVE-2024-6232 DESCRIPTION: There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile...
Security Bulletin: IBM OpenPages express-4.21.1.tgz vulnerability fixes (CVE-2024-52798)
Summary Security vulnerabilities related to express-4.21.1.tgz have been resolved in the latest IBM OpenPages fix packs for both versions 9.0 and 8.3. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases,...
Security Bulletin: IBM OpenPages fixes cross-spawn package vulnerability
Summary Vulnerability in the cross-spawn package with IBM OpenPages has been addressed in the latest IBM OpenPages fix packs for both 9.0 and 8.3 versions. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2025-36038)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Fusion Data Catalog Service is vulnerable to elevated container linux kernel privileges (CVE-2022-0185)
Summary IBM Fusion's Data Catalog Service containers previously required certain elevated linux kernel privileges. CVE-2022-0185. Vulnerability Details CVEID:CVE-2022-0185 DESCRIPTION: A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context...
Security Bulletin: An unsafe reading of environment file could potentially cause a denial of service in Netty, affecting watsonx.data
Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. These could affect watsonx.data. Vulnerability...
Security Bulletin: Denial of service vulnerability in IBM WebSphere Application Server Liberty affects IBM Storage Protect Operations Center (CVE-2025-23184).
Summary IBM Storage Protect Operations Center is affected by denial of service due to Apache CXF used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...
Security Bulletin: IBM Cloud Pak for Data Object Injection due to YAML Parsing in RDoc gem (CVE-2024-27281)
Summary Potential vulnerabilities in rdoc module CVE-2024-27281 has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-27281 DESCRIPTION: An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Inefficient Regular Expression Complexity due to axios ( CWE-1333)
Summary Potential vulnerabilities in axios module has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details IBM X-Force ID: 386108 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the format method. By...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Prototype Pollution due to ejs package ( CVE-2024-33883)
Summary Potential vulnerabilities in ejs package has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-33883 DESCRIPTION: The ejs aka Embedded JavaScript templates package before 3.1.10 for Node.js lacks certain pollution protection. CWE:CWE-693:...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Cross-site Scripting (XSS) due to express.js ( CVE-2024-43796 )
Summary Potential vulnerabilities in express.js package CVE-2024-43796 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after...
Security Bulletin: IBM Cloud Pak for Data s vulnerable to Improper Input Validation due to follow-redirects ( CVE-2023-26159 )
Summary Potential vulnerabilities in follow-redirects module has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive header drop in Golang/net/http [CVE-2024-45336]
Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive header drop in Golang/net/http, which can occour following a cross-domain redirect CVE-2024-45336. The Golang/net/http package is used as part of our speech utilities. This vulnerabilitiy has been addressed. Please read the...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Jinja [CVE-2025-27516]
Summary IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in Jinja, due to an oversight in how the Jinja sandboxed environment interacts with the |attr filter CVE-2025-27516. Jinja is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the...
Security Bulletin: A vulnerability in Watson NLP affects IBM Robotic Process Automation (CVE-2024-56171).
Summary A vulnerability in Watson NLP affects IBM Robotic Process Automation CVE-2024-56171. Watson NLP is used by IBM Robotic Process Automation for Natural Language Processing. This bulletin identifies the fixes required to address the vulnerablity. Vulnerability Details CVEID:CVE-2024-56171...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to injection due to cookie package ( CVE-2024-47764 )
Summary Potential vulnerabilities in cookie package CVE-2024-47764 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other...