35608 matches found
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in send-0.18.0.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of send-0.18.0.tgz Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in body-parser-1.20.0.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of body-parser-1.20.0.tgz Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in express-4.18.1.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of express-4.18.1.tgz Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in path-to-regexp-0.1.7.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of path-to-regexp-0.1.7.tgz Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2024-38809 DESCRIPTION: Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-expression-5.3.24.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-expression-5.3.24.jar Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spri...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in axios-1.6.1.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of axios-1.6.1.tgz Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs. CWE:CWE-918: Server-Sid...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in ws-3.3.3.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of ws-3.3.3.tgz Vulnerability Details CVEID:CVE-2024-37890 DESCRIPTION: ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in micromatch-4.0.5.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of micromatch-4.0.5.tgz Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.brac...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in braces-3.0.2.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of braces-3.0.2.tgz Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in tar-6.2.0.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of tar-6.2.0.tgz Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-web-5.3.26.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-web-5.3.26.jar Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on t...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in netty-codec-http-4.1.100.Final.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of netty-codec-http-4.1.100.Final.jar Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in express-4.17.3.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of express-4.17.3.tgz Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affecte...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-security-core-5.8.5.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-security-core-5.8.5.jar Vulnerability Details CVEID:CVE-2024-22257 DESCRIPTION: In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-boot-2.7.12.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-boot-2.7.12.jar Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in spring-expression-5.3.24.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of spring-expression-5.3.24.jar Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION: In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possibl...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in okio-2.8.0.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of okio-2.8.0.jar Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client...
Security Bulletin: IBM Storage Ceph is vulnerable to Allocation of Resources Without Limits or Throttling in Grafana (CVE-2023-47108)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2023-47108 Vulnerability Details CVEID:CVE-2023-47108 DESCRIPTION: OpenTelemetry-Go Contrib is a collection of third-party packages for...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer in the RHEL UBI (CVE-2024-33599)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2024-33599. Vulnerability Details CVEID:CVE-2024-33599 DESCRIPTION: nscd: Stack-based buffer overflow in netgroup cache If the Na...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high confidentiality impact and hig...
Security Bulletin: IBM Datapower Operations Dashboard could allow DNS poisoning CVE-2023-0833
Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard implementation of secure data transmission and storage Vulnerability Details CVEID:CVE-2024-34447 DESCRIPTION: An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java...
Security Bulletin: Vulnerability in Linux bind affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in the Linux bind component affects IBM Storage Virtualize products and could cause denial of service. CVE-2024-11187. Vulnerability Details CVEID:CVE-2024-11187 DESCRIPTION: It is possible to construct a zone such that some queries to it will generate responses containing...
Security Bulletin: Vulnerability in login affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in the login system affects IBM Storage Virtualize products and could cause denial of service. CVE-2025-1351. Vulnerability Details CVEID:CVE-2025-1351 DESCRIPTION: IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products could allow a...
Security Bulletin: Multiple vulnerabilities found in IBM TXSeries for Multiplatforms.
Summary IBM TXSeries for Multiplatforms has been updated in order to address multiple vulnerabilities CVE-2024-12243, CVE-2024-12133, CVE-2024-8176. Vulnerability Details CVEID:CVE-2024-12243 DESCRIPTION: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an...
Security Bulletin: IBM QRadar SIEM protocol is affected by Denial of Service and Security Restriction Bypass
Summary Apache Commons Compress and Apache HttpClient are affected by Denial of Service and Security Restriction Bypass. Attackers could potentially disrupt services or bypass security controls to access sensitive information. These issues have been addressed with an update. Vulnerability Details...
Security Bulletin: Security vulnerabilities in Java SE shipped with IBM TXSeries for Multiplatforms (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)
Summary There are multiple vulnerabilities in the Java SE version shipped with IBM TXSeries for Multiplatforms CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM TXSeries for Multiplatforms has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to a privilege escalation attack ( CVE-2025-36014 )
Summary IBM Integration Bus for z/OS is vulnerable to a privilege escalation attack. Vulnerability Details CVEID:CVE-2025-36014 DESCRIPTION: IBM App Connect Enterprise Integration Bus is vulnerable to code injection by a privileged user with access to the IIB install directory. CWE:CWE-94: Improp...
Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)
Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Standard CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...
Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Advanced (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)
Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Advanced CVE-2025-21587, CVE-2025-30698, CVE-2025-4447. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An...
Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.
Summary IBM Event Endpoint Management is affected by multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in json-20230227.jar
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of json-20230227.jar Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.8.1. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU...
Security Bulletin: IBM Data Dictionary uses protobuf-5.28.3-cp38-abi3-manylinux2014_x86_64.whl which is vulnerable to CVE-2025-4565
Summary IBM Data Dictionary uses protobuf-5.28.3-cp38-abi3-manylinux2014x8664.whl which is vulnerable to CVE-2025-4565. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python...
Security Bulletin: Vulnerabilities in IBM Semeru SDK (CVE-2025-21587, CVE-2025-30698, CVE-2025-2900) affect Power HMC.
Summary The IBM Semeru SDK is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high...
Security Bulletin: Vulnerability in expat library (CVE-2024-8176) affects Power HMC.
Summary The expat library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML...
Security Bulletin: Vulnerabilities in libxml2 library (CVE-2024-56171, CVE-2025-24928) affect Power HMC.
Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-56171 DESCRIPTION: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and...
Security Bulletin: Vulnerability in freetype library (CVE-2025-27363) affects Power HMC.
Summary The freetype library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when...
Security Bulletin: IBM Integration Designer is vulnerable to improper access control (CVE-2025-48734)
Summary Vulnerability in Apache Commons BeanUtils used by IBM Integration Designer. IBM Integration Designer has addressed CVE-2025-48734. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...
Security Bulletin: Security vulnerabilities related to tomcat-embed-core library in IBM Business Automation Manager Open Editions.
Summary Multiple vulnerabilities related to tomcat-embed-core library were addressed in IBM Business Automation Manager Open Editions 9.2.1. Vulnerability Details CVEID:CVE-2025-49125 DESCRIPTION: Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat. When using...
Security Bulletin: Multiple Security Vulnerabilities were found in IBM Java Runtime as shipped with IBM Security Verify Access and IBM Verify Identity Access
Summary Multiple Security Vulnerabilities found in IBM Java Runtime as shipped with IBM Security Verify Access and IBM Verify Identity Access have been addressed. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component...
Security Bulletin: IBM Storage Ceph is vulnerable to Path Traversal in oath-toolkit (CVE-2024-47191)
Summary oath-toolkit is used by IBM Storage Ceph for metrics and authentication. CVE-2024-47191 This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details CVEID:CVE-2024-47191 DESCRIPTION: pamoath.so in oath-toolkit 2.6.7 through 2.6.11 befo...
Security Bulletin: IBM DataPower Gateway affected by issues in Java Runtime
Summary IBM DataPower Gateway does not itself use Java, but certain bundled integrations do e.g. JDBC, IMS Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiali...
Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2®. (April 2025 CPU)
Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 7.1.5.25 and earlier, 8.0.8.40 and earlier used by IBM® Db2. These issues were disclosed as part of the IBM Java SDK updates in April 2025. Vulnerability Details CVEID:CVE-2025-4447 DESCRIPTION: In Eclipse OpenJ9 versions ...
Security Bulletin: IBM Datapower Operations Dashboard could allow a denial of service CVE-2024-30172
Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard implementation of secure data transmission and storage Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.298 Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache...
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing
Summary Multiple vulnerabilities were addressed in IBM Event Processing version 1.4.1 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.8.1. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An...
Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2023-39325, CVE-2022-21698)
Summary github.com/prometheus/clientgolang, golang.org/x/net are dependency packages used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: A malicious HTTP/2 client which rapid...
Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Data Management Console (CVE-2022-23648, CVE-2022-32149)
Summary The listed dependency packages are being used by IBM Db2 Data Management Console github.com/containerd/containerd, golang.org/x/text. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2022-27664 DESCRIPTION: In net/http in Go befo...