
17 matches found

IBM Security Bulletins
added 2026/05/08 7:49 a.m. | 7 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Directory Traversal due to plexus-utils (CVE-2025-67030)

Summary: IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Directory Traversal due to plexus-utils. Vulnerability Details: CVEID: CVE-2025-67030. DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in...

CVSS 8.8 | AI score 6.2 | EPSS 0.00427
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2026/02/24 5:23 p.m. | 10 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Incorrect Calculation of Buffer Size due to IBM Java (CVE-2026-1188)

Summary: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Incorrect Calculation of Buffer Size due to IBM Java. Vulnerability Details: CVEID: CVE-2026-1188. DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual...

CVSS 9.8 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | Affected Software: 2

CNVD
added 2026/02/11 12:0 a.m. | 2 views

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14667)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

CVSS 6.5 | AI score 6.8 | EPSS 0.00042
Exploits: 0 | References: 1

CNVD
added 2026/02/11 12:0 a.m. | 4 views

IBM Db2 Denial of Service Vulnerability (CNVD-2026-14668)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

CVSS 6.5 | AI score 6.8 | EPSS 0.00044
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/12/19 2:14 p.m. | 5 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Neutralization of Input Terminators due to Jakarta Mail (CVE-2025-7962)

Summary: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Neutralization of Input Terminators due to Jakarta Mail. Vulnerability Details: CVEID: CVE-2025-7962. DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \...

CVSS 7.5 | AI score 6.8 | EPSS 0.00054
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/11/19 10:35 a.m. | 6 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Allocation of Resources Without Limits or Throttling due to Bouncy Castle (CVE-2025-8916 & CVE-2025-8885)

Summary: IBM App Connect Enterprise runtime and IBM Integration Bus for z/OS are vulnerable to Allocation of Resources Without Limits or Throttling due to Bouncy Castle. Vulnerability Details: CVEID: CVE-2025-8916. DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in...

CVSS 6.3 | AI score 6.6 | EPSS 0.0044
Exploits: 0 | Affected Software: 2

CNVD
added 2025/11/12 12:0 a.m. | 4 views

IBM Db2 Denial of Service Vulnerability (CNVD-2025-29175)

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

CVSS 6.5 | AI score 6.7 | EPSS 0.00075
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/07 5:36 p.m. | 2 views

CVE-2025-36156 IBM InfoSphere Data Replication VSAM for z/OS Remote Source code execution

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer and execute arbitrary code on the system...

CVSS 7.4 | AI score 7.4 | EPSS 0.0001
Exploits: 0 | References: 1

ATTACKERKB
added 2025/07/07 4:15 p.m. | 2 views

CVE-2025-36014

IBM Integration Bus for z/OS 10.1.0.0 through 10.1.0.5 is vulnerable to code injection by a privileged user with access to the IIB install directory...

CVSS 8.2 | AI score 5.8 | EPSS 0.00062
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/11/21 12:0 a.m. | 2 views

IBM Db2 Security Vulnerability

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that can be exploited by an attacker to cause a...

CVSS 7.5 | AI score 6.6 | EPSS 0.00135
Exploits: 0 | References: 2

0day.today
added 2024/04/15 12:0 a.m. | 321 views

BMC Compuware iStrobe Web - 20.13 - Pre-auth Remote Code Execution Exploit

!/usr/bin/env python3 Exploit Title: Pre-auth RCE on Compuware iStrobe Web Date: 01-08-2023 Exploit Author: trancap Vendor Homepage: https://www.bmc.com/ Version: BMC Compuware iStrobe Web - 20.13 Tested on: zOS CVE : CVE-2023-40304 To exploit this vulnerability you'll need "Guest access" enabled...

AI score 7.2
Exploits: 0

CNNVD
added 2023/07/10 12:0 a.m. | 1 views

IBM DB2 Security Vulnerability

IBM DB2 is a relational database management system from International Business Machines (IBM). The system is implemented in UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 that stems from vulnerability to insufficient audit logging...

CVSS 4.3 | AI score 6.2 | EPSS 0.00068
Exploits: 0 | References: 5

IBM Security Bulletins
added 2022/11/28 2:7 p.m. | 63 views

Security Bulletin: IBM UrbanCode Deploy (UCD) Agents on zOS are vulnerable to an arbitrary code execution due to use of Apache Commons Text [CVE-2022-42889]

Summary: The zos toolkit installed with agents on zOS includes Apache Commons Text which could allow an attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute...

CVSS 9.8 | AI score 9.9 | EPSS 0.94251
Exploits: 41 | Affected Software: 1

KoreLogic Security
added 2021/09/01 12:0 a.m. | 23 views

CyberArk Credential Provider Local Cache Can Be Decrypted

Vulnerability Details: Affected Vendor: CyberArk; Affected Product: Application Access Manager/Credential Provider; Affected Version: Prior to 12.1; Platform: Linux/Windows/zOS; CWE Classification: CWE-326: Inadequate Encryption Strength; CVE ID: CVE-2021-31798. 2. Vulnerability Description: CyberArk...

CVSS 4.4 | AI score 5.3 | EPSS 0.00113
Exploits: 0 | Affected Software: 1

KoreLogic Security
added 2021/09/01 12:0 a.m. | 53 views

CyberArk Credential File Insufficient Effective Key Space

Vulnerability Details: Affected Vendor: CyberArk; Affected Product: Application Access Manager/Credential Provider; Affected Version: Prior to 12.1; Platform: Linux/Windows/zOS; CWE Classification: CWE-326: Inadequate Encryption Strength; CVE ID: CVE-2021-31796. 2. Vulnerability Description: CyberArk...

CVSS 7.5 | AI score 0.2 | EPSS 0.00961
Exploits: 1 | Affected Software: 1

CNNVD
added 2020/11/19 12:0 a.m. | 2 views

IBM DB2 Code Issue Vulnerability

IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 suffers from an arbitrary code execution vulnerability that can be exploited by an attacker to...

CVSS 7.8 | AI score 7.7 | EPSS 0.0007
Exploits: 0 | References: 25

IBM Security Bulletins
added 2018/06/16 2:8 p.m. | 28 views

Security Bulletin: Vulnerability in IBM Java SDK affects IBM InfoSphere Discovery (CVE-2016-3485)

Summary: There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM InfoSphere Discovery. This issue was disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details: CVEID: CVE-2016-3485. DESCRIPTION: An unspecified vulnerability related to the...

CVSS 2.9 | AI score 1.1 | EPSS 0.00043
Exploits: 0 | Affected Software: 1