337 matches found
CVE-2025-36014 IBM Integration Bus for z/OS code injection
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory...
CVE-2025-36014 IBM Integration Bus for z/OS code injection
IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory...
CVE-2025-36014
CVE-2025-36014 affects IBM Integration Bus for z/OS, versions 10.1.0.0–10.1.0.5. The issue is a code injection vulnerability that can be exploited by a privileged user with access to the IIB install directory. The IBM bulletin identifies CWE-94 (Code Injection) and provides a CVSS v3.1 vector of ...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a privilege escalation attack ( CVE-2025-36014 )
Summary IBM Integration Bus for z/OS is vulnerable to a privilege escalation attack. Vulnerability Details CVEID:CVE-2025-36014 DESCRIPTION: IBM App Connect Enterprise Integration Bus is vulnerable to code injection by a privileged user with access to the IIB install directory. CWE:CWE-94: Improp...
IBM Integration Bus for z/OS 代码注入漏洞
IBM Integration Bus for z/OS is an enterprise service bus product from International Business Machines IBM that runs on z/OS systems. A code injection vulnerability exists in IBM Integration Bus for z/OS versions 10.1.0.0 through 10.1.0.5, which originates from privileged user executable code...
IBM Db2 Denial of Service Vulnerability (CNVD-2025-12295)
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...
Security Bulletin: IBM Java: Two OpenJ9 internal ASCII to EBCDIC string wrapper vulnerabilities on z/OS (CVE-2025-1470,CVE-2025-1471,CWE-787)
Summary IBM Java: Two OpenJ9 internal ASCII to EBCDIC string wrapper vulnerabilities on z/OS CVE-2025-1470,CVE-2025-1471,CWE-787 Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities...
IBM Db2 安全漏洞
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a Resource Management Error vulnerability that stems from improper allocation of C...
CVE-2010-1182
Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server WAS 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat (CVE-2025-31650 & CVE-2025-31651)
Summary IBM Integration Bus for z/OS is vulnerable to Incomplete Cleanup and Improper Encoding or Escaping of Output due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-31650 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HT...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to NULL Pointer Dereference and Out-of-bounds Write due to IBM Java ( CVE-2025-1470 & CVE-2025-1471)
Summary IBM Integration Bus for z/OS runtime is vulnerable to NULL Pointer Dereference and Out-of-bounds Write due to IBM Java. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM Java: Two OpenJ9 internal ASCII to EBCDIC string wrapper has vulnerabilities on z/OS (CVE-2025-1470, CVE-2025-1471)
Summary IBM WebSphere Application Server is vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Engineering Lifecycle Optimization -...
CVE-2025-1000
IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting...
CVE-2025-1000
IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting...
CVE-2025-1000 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting...
CVE-2025-1000 IBM Db2 denial of service
IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting...
CVE-2025-1000
CVE-2025-1000 (IBM Db2) affects IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0–11.5.9 and 12.1.0–12.1.1. An authenticated user can cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting. The IBM security bullet...
PT-2025-19799 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server versions 11.5.0 through 11.5.9 IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server versions 12.1.0 through 12.1.1 Description: The issue allows an authenticated user ...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto (CVE-2024-8376)
Summary IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto. Vulnerability Details CVEID:CVE-2024-8376 DESCRIPTION: In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault o...
CVE-2025-1470
In Eclipse OMR, from the initial contribution to version 0.4.0, some OMR internal port library and utilities consumers of z/OS atoe functions do not check their return values for NULL memory pointers or for memory allocation failures. This can lead to NULL pointer dereference crashes. Beginning i...