35608 matches found
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Jinja (CVE-2025-27516)
Summary A vulnerability in Jinja that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allow...
Security Bulletin: This Power System update is being released to address CVE-2025-0395
Summary The Linux kernel is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console and by the Runtime Processor Diagnostics in PowerVM. This bulletin provides a remediation for the impacted vulnerability, CVE-2025-0395, by...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Java may affect IBM Storage Protect for Space Management
Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server and Java. This flaws can lead to denial of service in Netty, denial of service partial DOS, denial of service via introspection queries, unauthorized update, insert or delete...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Java may affect IBM Storage Protect Backup-Archive Client
Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server and Java. This flaws can lead to denial of service in Netty, denial of service partial DOS, denial of service via introspection queries, unauthorized update, insert or delete...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty and Java may affect IBM Storage Protect for Virtual Environments (Data Protection for VMware and Data Protection for Hyper-V)
Summary IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by security flaws in IBM WebSphere Application Server and Java. This flaws can lead to denial of service in Netty, denial of service partial DOS, denial of service via...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Security Guardium Key Lifecycle Manager
Summary IBM Db2 is shipped as a component of IBM Security Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Vulnerability in jetty-server affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6763, CVE-2024-8184]
Summary The jetty-server package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6763, CVE-2024-8184 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web...
Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6763]
Summary The jetty-http package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6763 Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet...
Security Bulletin: Vulnerability in commons-io affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-47554]
Summary The commons-io package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-47554 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-0286, CVE-2023-50782]
Summary The cryptography package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-0286, CVE-2023-50782 Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: There is a type confusion vulnerability relating to X.400 addres...
Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-49083]
Summary The cryptography package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-49083 Vulnerability Details CVEID:CVE-2023-49083 DESCRIPTION: Cryptography package for Python is vulnerable to a denial of service, caused b...
Security Bulletin: Erlang/OTP SFTP Packet Size Validation Vulnerability Allows Excessive Memory Allocation
Summary Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to to prototype pollution due to webpack loader-utils ( CVE-2022-37601 )
Summary Potential vulnerabilities in webpack loader-utils module has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-37601 DESCRIPTION: Prototype pollution vulnerability in function parseQuery in parseQuery....
Security Bulletin: IBM Cloud Pak for Data Object Injection due to YAML Parsing in RDoc gem (CVE-2024-27281)
Summary Potential vulnerabilities in rdoc module CVE-2024-27281 has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-27281 DESCRIPTION: An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to multiple Vulnerabilities due to Ruby package
Summary Potential vulnerabilities in Ruby package has been identified that may affect IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2020-10663 DESCRIPTION: The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Improper Verification of Cryptographic Signature due to xml-crypto ( CVE-2025-29774, CVE-2025-29775 )
Summary Potential vulnerabilities in xml-crypto module CVE-2025-29774, CVE-2025-29775 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-29774 DESCRIPTION: xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be...
Security Bulletin: Apache Parquet vulnerabilities affect watsonx.data
Summary Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code and this could affect watsonx.data. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15...
Security Bulletin: IBM Security Guardium is affected by a Incorrect Permission Assignment for Critical Resource vulnerability (CVE-2017-1266 )
Summary IBM Security Guardium has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-1266 DESCRIPTION: IBM Security Guardium specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CVSS Base...
Security Bulletin: IBM Security Guardium is affected by Open Source libxml2 vulnerabilities
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-9050 DESCRIPTION: libxml2 is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the xmlDictAddString function in dict.c. By sending a specially-crafted...
Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (June 2025)
Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2025-0395...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
Summary IBM Security Guardium Insights has addressed the following vulnerabilities Vulnerability Details CVEID:CVE-2020-13949 DESCRIPTION: Apache Thrift is vulnerable to a denial of service, caused by improper input validation. By sending specially-crafted messages, a remote attacker could exploi...
Security Bulletin: IBM Security Guardium is affected by Multiple vulnerabilities in gnutls (CVE-2017-5337 CVE-2017-5336)
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2017-5337 DESCRIPTION: GnuTLS could allow a remote attacker to execute arbitrary code on the system, caused by a stack or heap-based buffer overflow error. By sending a specially-crafted...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities.
Summary IBM Security QRadar SIEM is affected by multiple vulnerabilities that could allow unauthorized access to sensitive data or arbitrary command execution. These issues have been addressed in the latest update. Vulnerability Details CVEID:CVE-2025-36050 DESCRIPTION: IBM QRadar stores...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: There is a type confusion vulnerability relating to X.400...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is affected by multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. HTTP Proxy bypass using IPv6 Zone IDs can improperly treat an IPv6 zone ID as a hostname component CVE-2025-22870. Spring Framework...
Security Bulletin: There is a vulnerablity in the torch library affecting IBM watsonx Code Assistant On Prem
Summary There is a vulnerablity in the torch library affecting IBM watsonx Code Assistant On Prem. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2025-32434 DESCRIPTION: PyTorch is a Python package that provides tensor computation with...
Security Bulletin: IBM Edge Data Collector is vulnerable to axios-1.7.7.tgz, axios-1.7.9.tgz CVE-2025-27152
Summary IBM Edge Data Collector is vulnerable to axios-1.7.7.tgz, axios-1.7.9.tgz CVE-2025-27152. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. Th...
Security Bulletin: Vulnerability in jetty-http affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-36478]
Summary The jetty-http package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEsCVE-2023-36478 Vulnerability Details CVEID:CVE-2023-36478 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an integer overflow...
Security Bulletin: Vulnerability in Cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-38325]
Summary The Cryptography package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-38325 Vulnerability Details CVEID:CVE-2023-38325 DESCRIPTION: The cryptography package before 41.0.2 for Python mishandles SSH certificates th...
Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-0286]
Summary The cryptography package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-0286 Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: There is a type confusion vulnerability relating to X.400 address processing...
Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and IBM WebSphere Liberty shipped with IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM) (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)
Summary IBM WebSphere Application Server and IBM WebSphere Liberty is shipped as a component of IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server and IBM WebSphere Liberty has been published in a...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilities Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities.
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-3440 DESCRIPTION: IBM Security Guardium is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the W...
Security Bulletin: IBM Guardium Data Protection is affected by a snowflake-jdbc-3.14.0.jar vulnerability (CVE-2024-43382)
Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-43382 DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting. A remote authenticated attacker could exploit thi...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities.
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-29908 DESCRIPTION: Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability in the hash map...
Security Bulletin: IBM Security Guardium is affected by vulnerabilities in Oracle MySQL
Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-21137 DESCRIPTION: An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow a remote authenticated attacker to cause high...
Security Bulletin: IBM Guardium Data Protection is affected by a PostgreSQL vulnerability (CVE-2024-10979, CVE-2024-10976, CVE-2024-10978).
Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-10979 DESCRIPTION: Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2024-53677, CVE-2025-23184)
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this ca...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2019-12900 DESCRIPTION: bzip2 is vulnerable to a denial of service, caused by an out-of-bounds write flaw when there are many selectors in the BZ2decompress function in...
Security Bulletin: IBM Guardium Data Protection is affected by a IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 vulnerabilities
Summary IBM Guardium Data Protection has addressed these vulnerabilities with updates Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts...
Security Bulletin: IBM Guardium Data Protection is affected by an Incorrect Permission Assignment for Critical Resource vulnerability (CVE-2025-25023)
Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-25023 DESCRIPTION: IBM Security Guardium could allow a privileged user to read any file on the system due to incorrect privilege assignment. CWE:CWE-266: Incorrect Privilege...
Security Bulletin: IBM Guardium Data Protection is affected by multiple kernel vulnerabilities
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-26641 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: make sure to pull inner header in ip6tnlrcv syzbot found ip6tnlrcv could...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities (CVE-2024-38816, CVE-2024-38808, CVE-2024-35952)
Summary IBM Security Guardium has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can cra...
Security Bulletin: IBM Guardium Data Protection is affected by kernel vulnerabilities
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update Vulnerability Details CVEID:CVE-2024-43866 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always drain health in shutdown callback There is no point in recovery during...
Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - April 2025 CPU
Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where use...
Security Bulletin: IBM i is affected by a user gaining elevated privileges due to an unqualified library call vulnerability in IBM Advanced Job Scheduler for i [CVE-2025-33122].
Summary IBM i affected by a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call vulnerability in IBM Advanced Job Scheduler for i as described in the vulnerability details section. This bulletin identifies the steps to take to...
Security Bulletin: IBM Backup, Recovery and Media Services for i is vulnerable to a user gaining elevated privileges due to an unqualified library call [CVE-2025-33108]
Summary IBM Backup, Recovery, and Media Services is vulnerable to allowing a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call. A malicious actor could cause user-controlled code to run with component access to the host operatin...