Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907
Summary IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before...
Security Bulletin: IBM Cloud Kubernetes is affected by a Linux kernel security vulnerability (CVE-2026-31431)
Summary IBM Cloud Kubernetes Service is affected by a vulnerability in the Linux kernel that could allow a local attacker to escalate their privileges CVE-2026-31431. Vulnerability Details CVEID : CVE-2026-31431 Description : In the Linux kernel, the following vulnerability has been resolved:...
Security Bulletin: IBM MQ is affected by a server-side request forgery vulnerability in IBM WebSphere Application Server Liberty (CVE-2026-1561)
Summary IBM WebSphere Application Server Liberty is used by IBM MQ as part of the IBM MQ Console and IBM MQ REST API functionality CVE-2026-1561 Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application...
Security Bulletin: IBM MQ is affected by a privilege escalation vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-14915)
Summary IBM WebSphere Application Server Liberty is used by IBM MQ as part of the IBM MQ Console and IBM MQ REST API functionality CVE-2025-14915 Vulnerability Details CVEID:CVE-2025-14915 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873.
Summary IBM Maximo Application Suite - Monitor Component uses ajv-6.12.6.tgz which is vulnerable to CVE-2025-69873. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerabl...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz, lodash-es-4.17.22.tgz which is vulnerable to CVE-2025-13465.
Summary IBM Maximo Application Suite - Monitor Component uses lodash-4.17.21.tgz, lodash-es-4.17.21.tgz, lodash-es-4.17.22.tgz which is vulnerable to CVE-2025-13465. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to reflected XSS vulnerability in AFT (CVE-2026-0835)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed a reflected XSS vulnerability. Vulnerability Details CVEID:CVE-2026-0835 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway is vulnerable to cross-site scripting. This vulnerability allows an...
Security Bulletin: IBM Edge Data Collector uses PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl which is vulnerable to CVE-2025-69277.
Summary IBM Edge Data Collector uses PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl which is vulnerable to CVE-2025-69277. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-69277 DESCRIPTION: libsodium before ad3004e, in atypical use cases involving...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password (CVE-2025-36258)
Summary A vulnerability due to plaintext storage of a password was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2025-36258 DESCRIPTION: IBM InfoSphere Information Server product stores user credentials and other sensitive information in plain text which can be...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.3 which is vulnerable to CVE-2025-66221
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a...
Security Bulletin: IBM MQ is affected by an authority vulnerability (CVE-2026-1713)
Summary IBM MQ has addressed an authority vulnerability. Vulnerability Details CVEID:CVE-2026-1713 DESCRIPTION: IBM MQ is affected by an authority vulnerability allowing users access to SYSTEM.AUTH.DATA.QUEUE. CWE:CWE-305: Authentication Bypass by Primary Weakness CVSS Source: IBM CVSS Base score...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager (SKLM/GKLM). Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Edge Data Collector uses azure_core-1.14.0-py2.py3-none-any.whl which is vulnerable to CVE-2026-21226.
Summary IBM Edge Data Collector uses azure_core-1.14.0-py2.py3-none-any.whl which is vulnerable to CVE-2026-21226. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-21226 DESCRIPTION: Deserialization of untrusted data in Azure Core shared...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in yawkat LZ4 Java
Summary Multiple vulnerabilities in yawkat LZ4 Java that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to improper allocation of resources (CVE-2025-36098)
Summary IBM® Db2® could allow an authenticated user to cause a denial of service due to improper allocation of resources. Vulnerability Details CVEID:CVE-2025-36098 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of...
Security Bulletin: This Power System update is being released to address CVE-2025-49133
Summary The PowerVM Virtual Trusted Platform Module (vTPM) feature is impacted by the referenced vulnerability. This issue was fixed in a previous security bulletin for CVE-2025-2884: https://www.ibm.com/support/pages/node/7238453 Vulnerability Details CVEID:CVE-2025-49133 DESCRIPTION: Libtpms is a...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889.
Summary IBM Maximo Application Suite - Monitor Component uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber...
Security Bulletin: IBM MQ Appliance is affected by Java vulnerabilities (CVE-2025-52057 and CVE-2025-53066)
Summary IBM MQ Appliance has addressed Java vulnerabilities. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause no confidentiality impact, high integrity impact, and no availabili...
CVE-2025-11531
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0...