35013 matches found
Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.
Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-25184 DESCRIPTION: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be...
Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2025-25283
Summary parse-duration-1.1.0.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2025-25283 DESCRIPTION: parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop...
Security Bulletin: AIX is vulnerable to a denial of service (CVE-2025-26466) and a machine-in-the-middle attack (CVE-2025-26465) due to OpenSSH
Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to cause a denial of service CVE-2025-26466 or a machine-in-the-middle attack CVE-2025-26465. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2025-26466 DESCRIPTION: A flaw was found in the OpenSSH...
Security Bulletin: Vulnerability in Buildah affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Buildah has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in GNU Wget affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in GNU Wget has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...
Security Bulletin: Vulnerability in Flatpak affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Flatpak has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in Natural Language Toolkit (NLTK) affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Natural Language Toolkit NLTK has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional...
Security Bulletin: StackOverflow Vulnerability affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential StackOverflow vulnerability has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Multiple OS vulnerabilities affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential Multiple OS vulnerabilities has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: StackOverflow vulnerability affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential StackOverflow vulnerability has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerabilities in Google Chrome affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Google Chrome has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in Certifi affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Certifi has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.e . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to server-side request forgery (CVE-2024-49822)
Summary QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to to server-side request forgery which may allow an authenticated attacker to send unauthorized requests. This vulnerability has been addressed in the update. Vulnerability Details CVEID:CVE-2024-49822 DESCRIPTION: IBM QRadar...
Security Bulletin: QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. QRadar Advisor With Watson for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.291 Vulnerability Details CVEID:CVE-2021-20293 DESCRIPTION: RESTEasy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit thi...
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System [CVE-2024-27268]
Summary Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System WebSphere Application Server WAS Patterns. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused ...
Security Bulletin: Vulnerability in Flask-Cors affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-1681]
Summary The Flask-Cors package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-1681. Vulnerability Details CVEID:CVE-2024-1681 DESCRIPTION: Flask-CORS could allow a remote attacker to bypass security restrictions, caused ...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to pillow-10.2.0-cp38-cp38-manylinux_2_28_x86_64.whl CVE-2024-28219
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to pillow-10.2.0-cp38-cp38-manylinux228x8664.whl CVE-2024-28219. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-28219 DESCRIPTION: Pillow is vulnerable to a buff...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.111.Final.jar CVE-2024-47535
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.111.Final.jar CVE-2024-47535. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network...
Security Bulletin: IBM Sterling Global Availability Mailbox is affected by a vulnerability in Cassandra Reaper
Summary Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to a denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty CVE-2024-40094
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to a denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty CVE-2024-40094. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-40094...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-45230
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-28219. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45230 DESCRIPTION: Django is vulnerable to a denial of service,...
Security Bulletin: IBM Observability with Instana for Self-Hosted Standard Edition is affected by multiple Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana for Self-Hosted Standard Edition 291 CVE-2024-45337, CVE-2024-41110, CVE-2024-3596 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 291 Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2 Vulnerability Details CVEID:CVE-2024-21236 DESCRIPTION: Oracle MySQL Server is vulnerable to a denial of service related to the InnoDB component. By sending a specially crafted request, a remote authenticated...
Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation which could result in an unwanted setAttribute('href',href) (CVE-2024-57965)
Summary A vulnerability in axios affects IBM Robotic Process Automation which could result in an unwanted setAttribute'href',href. IBM Robotic Process Automation uses axios as part of the user interface. This bulletin identifies the fixes or remediations available to resolve this vulnerability...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)
Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.8 LTS and 12.8.2 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: Due to the use of Netty, IBM WebSphere eXtreme Scale Liberty Deployment on Microsoft Windows is vulnerable to denial of service.
Summary The YAJSW component is used to register XSLD services. An insecure Netty JAR is bundled within YAJSW impacts XSLD on Microsoft Windows operating system. This is remediated in the YAJSW v13.14 release, and for WXS through application of the ifix for PH65615. Vulnerability Details...
Security Bulletin: Arbitrary QPY Execution in Qiskit SDK QPY Deserialization < 13
Summary A maliciously crafted QPY payload can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY format versions 13. A Python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code execution due to redisson-3.17.7 (CVE-2023-42809)
Summary redisson is used by DataStage on Cloud Pak for Data as part of the Redis Java client. Vulnerability Details CVEID:CVE-2023-42809 DESCRIPTION: Redisson could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By persuading a victim to...
Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities
Summary IBM Security QRadar EDR Software is affected by multiple vulnerabilities that could allow a remote attacker to bypass security restrictions, decrypt sensitive credentials, execute arbitrary code, or steal authentication tokens. These vulnerabilities have been addressed in the latest updat...
Security Bulletin: IBM Security QRadar EDR Software contains multiple vulnerabilities
Summary IBM Security QRadar EDR Software includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt jwt-go could allow a remote...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to unlimited data accumulation due to the Netty package ( CVE-2024-29025)
Summary Netty is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to HTTP header injection due to the Django package (CVE-2021-32052)
Summary Django is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2021-32052 DESCRIPTION: Django is vulnerable to HTTP header injection, caused by improper validation of input in URLValidator. By persuading a victim to visit a...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML Jackson Core package (PRISMA-2023-0067)
Summary Jackson is used by IBM DataStage on Cloud Pak for Data for JSON parsing. Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of service, caused by improper input validation by the StreamReadConstraints value field. By sending a...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a phishing attack due to the ExpressJS package (CVE-2024-29041)
Summary ExpressJS is used by IBM DataStage on Cloud Pak for Data as part of the web application framework. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to authentication and command execution issues due to the Eclipse Jetty package (CVE-2023-36479, CVE-2023-40167, CVE-2023-41900)
Summary Eclipse Jetty is used by IBM DataStage on Cloud Pak for Data as part of web server functionality. Vulnerability Details CVEID:CVE-2023-36479 DESCRIPTION: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to GNOME GLib (CVE-2023-32636)
Summary GNOME GLib is used by IBM DataStage on Cloud Pak for Data as part of the data handling functionality. Vulnerability Details CVEID:CVE-2023-32636 DESCRIPTION: GNOME GLib is vulnerable to a denial of service, caused by a flaw in the fuzzvarianttext function. By sending a specially crafted...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)
Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to a flaw in the Kubernetes kube-apiserver (CVE-2019-11250, CVE-2020-8565)
Summary Kubernetes is used by IBM DataStage on Cloud Pak for Data as part of the container environment. Vulnerability Details CVEID:CVE-2019-11250 DESCRIPTION: Kubernetes could allow a local authenticated attacker to obtain sensitive information, caused by storing credentials in the log by the...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to a symlink vulnerability due to Libcontainer and Docker Engine (CVE-2015-3627)
Summary Libcontainer and Docker Engine are used by IBM DataStage on Cloud Pak for Data as part of the container environment. Vulnerability Details CVEID:CVE-2015-3627 DESCRIPTION: A symlink vulnerability in Libcontainer and Docker Engine regarding the file-descriptor being opened prior to...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to unlimited data accumulation due to the Netty package ( CVE-2024-29025)
Summary Netty is used by IBM DataStage on Cloud Pak for Data as part of server processing. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...
Security Bulletin: Vulnerability in BlueZ affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in BlueZ has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability inPython Software Foundation Black affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Python Software Foundation Black has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional...
Security Bulletin: Vulnerability in Apache Avro affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Apache Avro has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in Apache Kafka Clients affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Apache Kafka Clients has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in aio-libs aiohttp affects IIBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in aio-libs aiohttp has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerabilities in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: An unclaimed Amazon S3 bucket vulnerability (CVE-2024-1682)affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential unclaimed Amazon S3 bucket vulnerability CVE-2024-1682 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for...