35634 matches found
Security Bulletin: There is a vulnerability in netty-common-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-25193)
Summary There is a vulnerability in netty-common-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up ...
Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability (CVE-2025-31651) and an Improper Input Validation vulnerability (CVE-2025-31651).
Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Encoding or Escaping of Output vulnerability CVE-2025-31651 and an Improper Input Validation vulnerability CVE-2025-31651. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerabilities...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in October 2024, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21235...
Security Bulletin: IBM Content Navigator is vulnerable to HTML injection.
Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2024-51475 DESCRIPTION: IBM Content Navigator is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web...
Security Bulletin: Astronomer with IBM is vulnerable to buffer overflow due to the OpenSSL package (CVE-2021-3711).
Summary OpenSSL is used by Astronomer with IBM as part of secure communications. Vulnerability Details CVEID:CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVPPKEYdecrypt function within implementation of the SM2 decryption. By...
Security Bulletin: Astronomer with IBM is vulnerable to arbitrary code execution due to the LangChain package (CVE-2023-38896).
Summary LangChain is used by Astronomer with IBM as part of LLM processing. Vulnerability Details CVEID:CVE-2023-38896 DESCRIPTION: LangChain could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input by the frommathprompt and...
Security Bulletin: Astronomer with IBM is vulnerable to arbitrary code execution due to the LangChain package (CVE-2023-39659).
Summary LangChain is used by Astronomer with IBM as part of LLM processing. Vulnerability Details CVEID:CVE-2023-39659 DESCRIPTION: LangChain could allow a remote attacker to execute arbitrary code on the system, caused by improper neutralization of user supplied-input by the PythonAstREPLTool.ru...
Security Bulletin: Astronomer with IBM is vulnerable to security restriction bypass due to the Perl package (CVE-2023-47100).
Summary Perl is used by Astronomer with IBM as part of core processing. Vulnerability Details CVEID:CVE-2023-47100 DESCRIPTION: Perl could allow a remote attacker to bypass security restrictions, caused by improper handling of property name by the Sparseunipropstring function in regcomp.c. By usi...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache CXF (CVE-2025-23184)
Summary A vulnerability in Apache CXF that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the...
Security Bulletin: IBM Information Server is affected by an Information Disclosure vulnerability (CVE-2025-1138)
Summary An Information Disclosure vulnerability in IBM Information Server was addressed. Vulnerability Details CVEID:CVE-2025-1138 DESCRIPTION: IBM InfoSphere Information Server could disclose sensitive information to an authenticated user that could aid in further attacks against the system...
Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime
Summary This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their April 2025 Vulnerability Advisory, plus CVE-2025-2900 and CVE-2025-4447. For more information please refer to OpenJDK's April 2025 Vulnerability Advisory and the CVE links below...
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update, plus CVE-2025-4447. For more information please refer to Oracle's April 2025 CPU Advisory and the CVE links referenced below...
Security Bulletin: Vulnerability in Jsonpath-plus affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Jsonpath-plus has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21534 DESCRIPTION: Jsonpath-plus could all...
Security Bulletin: IBM MQ for HPE NonStop Server is affected by denial of service vulnerability (CVE-2025-23225)
Summary IBM MQ for HPE NonStop Server has addressed a denial of service vulnerability CVE-2025-23225, when a message without an MQXQH header is put to an XMITQ. Vulnerability Details CVEID:CVE-2025-23225 DESCRIPTION: IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user to...
Security Bulletin: Vulnerability in commons-compress affects IBM Integrated Analytics System (Sailfish) [CVE-2024-25710, CVE-2024-26308]
Summary The commons-compress package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2024-25710, CVE-2024-26308. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Loop with Unreachable Exit Condition 'Infinite Loop'...
Security Bulletin: Vulnerability in [All] linux (Kernel) affects IBM Integrated Analytics System (Sailfish) [CVE-2021-47301, CVE-2024-27070].
Summary The All linux Kernel package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2021-47301, CVE-2024-27070. Vulnerability Details CVEID:CVE-2021-47301 DESCRIPTION: In the Linux kernel, the following vulnerability has been...
Security Bulletin: Vulnerability in VMware Tanzu Spring Framework affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in VMware Tanzu Spring Framework has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...
Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in libssh affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in libsshp has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: Vulnerability in libssh affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in libssh has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...
Security Bulletin: Vulnerability in scikit-learn affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in scikit-learn has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in Webpack and Rspack affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Webpack and Rspack has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in expressjs express affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in expressjs express has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability (CVE-2025-33104)
Summary IBM WebSphere Application Server is affected by a cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2025-33104 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the W...
Security Bulletin: Vulnerability in Jinja affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Jinja has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in nanoid (aka Nano ID) affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in nanoid aka Nano ID has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in expressjs body-parser affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in expressjs body-parser has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional informatio...
Security Bulletin: Vulnerability in pillarjs affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in pillarjs has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in expressjs serve-static affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in expressjs serve-static has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...
Security Bulletin: Vulnerability in Protobuf affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Protobuf has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in jshttp cookie affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in jshttp cookie has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been...
Security Bulletin: Vulnerability in Java SE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Java SE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: Vulnerability in expressjs body-parser affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in expressjs body-parser has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional informatio...
Security Bulletin: Vulnerability in Java SE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Java SE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: Vulnerability in Netty netty-incubator-codec-ohttp affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Netty netty-incubator-codec-ohttp has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additiona...
Security Bulletin: Vulnerability in Bootstrap affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Bootstrap has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The...
Security Bulletin: Vulnerability in Java SE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Java SE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: Vulnerability in pypa/setuptools affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in pypa/setuptools has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in aiohttp affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in aiohttp has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: Vulnerability in Java SE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Java SE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: Vulnerability in axios affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in axios has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in Java SE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Java SE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
Security Bulletin: Astronomer with IBM is vulnerable to remote attacks due to the crewjam saml package (CVE-2020-27846).
Summary crewjam saml is used by Astronomer with IBM as part of identity verification. Vulnerability Details CVEID:CVE-2020-27846 DESCRIPTION: crewjam saml could allow a remote attacker to bypass security restrictions, caused by a signature verification vulnerability. By sending a specially-crafte...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.7.0. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cau...
Security Bulletin: Improper Privilege Management vulnerability in IBM Event Streams
Summary IBM Event Streams is vulnerable to Improper Privilege Management vulnerability in Apache Kafka Clients to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments like in a SaaS. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION...
Security Bulletin: IBM i is vulnerable to a machine-in-the-middle attack due to mishandling error codes when verifying the host key by OpenSSH. [CVE-2025-26465]
Summary OpenSSH used by IBM i is vulnerable to a machine-in-the-middle attack due to mishandling error codes when verifying the host key as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the remediation/fixes...
Security Bulletin: IBM SDK Java Technology Edition is vulnerable to CVE-2024-27267, affecting WebSphere Service Registry and Repository due to July 2024 CPU
Summary IBM SDK Java Technology Edition is vulnerable to CVE-2024-27267, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in January 2024. These issues are also addressed by WebSphere Application Server shipped with WebSphere Servi...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly...