35661 matches found
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-30203 DESCRIPTION: GNU Emacs could provide weaker than expected security,...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2019-13224 DESCRIPTION: oniguruma is vulnerable to a denial of service, caused by ...
Security Bulletin: IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities
Summary IBM Cloud Pak for Network Automation 2.7 fixes multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number of request parts t...
Security Bulletin: IBM Automation Decision Services - Multiple CVEs addressed (February 2024)
Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-36054 DESCRIPTION: MIT Kerberos 5 aka krb5...
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2024-45590 DESCRIPTION: expressjs body-parser is vulnerable to a denial of service, caused by ...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-23829, CVE-2023-49082, CVE-2024-23334 and CVE-2023-49081
Summary IBM Maximo Application Suite - IoT Component uses aiohttp-3.8.6-cp37-cp37m-manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2024-23829, CVE-2023-49082, CVE-2024-23334 and CVE-2023-49081. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: Multiple vulnerabilities in Samba may affect IBM Storage Scale SMB protocol access method (CVE-2023-4091, CVE-2023-42669, CVE-2023-3961, CVE-2023-42670)
Summary Multiple samba vulnerabilities may affect IBM Storage Scale SMB protocol access method that could allow a remote authenticated attacker to execute arbitrary code or denial of the service on the system. Vulnerability Details CVEID:CVE-2023-4091 DESCRIPTION: Samba could allow a remote...
Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2020-19909 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by an integer overflow in...
Security Bulletin: Multiple vulnerabilities affect PowerSC and PowerSC MFA
Summary There are multiple vulnerabilities in PowerSC and PowerSC MFA. Vulnerability Details CVEID:CVE-2023-50939 DESCRIPTION: IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of...
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities
Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Dashboards on Cloud Pak. IBM Cognos Dashboards on Cloud Pak has addressed these vulnerabilities by upgrading IBM® Java™. There are vulnerabilities in Open-Source Software OSS components consumed by IBM Cognos Dashboards ...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V
Summary IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java. The flaws can lead to denial of service, sensitive information exposure, memory resource...
Security Bulletin: IBM Operational Decision Manager for January 2024 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2023-34054...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2024.
Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF031 and 23.0.2-IF003. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions,...
Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-38263 DESCRIPTION: IBM SOAR QRadar Plugin App could allow an...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Plugin Framework for Java (PF4J)
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Plugin Framework for Java PF4J. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-40828 DESCRIPTION: Plugin Framework for Java PF4J coul...
Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in Grafana (CVE-2023-1387)
Summary Grafana is used by IBM Storage Ceph in the dashboard. CVE-2023-1387 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID:CVE-2023-1387 DESCRIPTION: Grafana could allow a remote authenticated attacker to obtain sensitive informatio...
Security Bulletin: A security vulnerability has been identified in open source tomcat library used in IBM Quantum Safe Explorer (Mac and Windows Service)
Summary A security vulnerability has been identified in open source tomcat librarytomcat-embed-core-10.1.34 used in IBM Quantum Safe Explorer Mac and Windows Service Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution...
Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-39689]
Summary The certifi package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2024-39689 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi is a curated collection of Root Certificates for validating the...
Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-37920]
Summary The certifi package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-37920 Vulnerability Details CVEID:CVE-2023-37920 DESCRIPTION: Certifi is a curated collection of Root Certificates for validating the...
Security Bulletin: IBM Maximo Application Suite is vulnerable to Unrestricted File Upload (CVE-2025-1500)
Summary IBM Maximo Application Suite is vulnerable to Unrestricted File Upload which could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened CVE-2025-1500. Vulnerability Details CVEID:CVE-2025-1500 DESCRIPTION: IBM Maximo Applicatio...
Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could lead to an authorization bypass (CVE-2024-45337).
Summary A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak which could lead to an authorization bypass CVE-2024-45337. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix required to resolve the...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in ingress-nginx
Summary Multiple vulnerabilities in ingress-nginx that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-1097 DESCRIPTION: A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingre...
Security Bulletin: Vulnerabilities in dependencies affect IBM Voice Gateway
Summary Security Vulnerabilities in dependencies affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and...
Security Bulletin: A vulnerability exists in the IBM Robotic Process Automation Control Center where user sessions are not invalidate after logout
Summary A vulnerability exists in IBM Robotic Process Automation Control Center where user sessions are not invalidate after logout. This bulletin identifies the fixes or remediations available to resolve this vulnerability. Vulnerability Details CVEID:CVE-2024-49825 DESCRIPTION: IBM Robotic...
Security Bulletin: A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections (CVE-2025-24010).
Summary A vulnerability in vite affects IBM Robotic Process Automation which could result in incorrect validation for WebSocket Connections CVE-2025-24010. Vite is used by IBM Robotic Process Automation as part of it's user interface. This bulletin identifies the fixes required to resolve the...
Security Bulletin: IBM Asset Data Dictionary uses jackson-mapper-asl-1.9.2.jar which is vulnerable to CVE-2019-10172, CVE-2019-10202.
Summary IBM Asset Data Dictionary uses jackson-mapper-asl-1.9.2.jar which is vulnerable to CVE-2019-10172, CVE-2019-10202. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2019-10172 DESCRIPTION: Jackson-mapper-asl could allow a remot...
Security Bulletin: IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763.
Summary IBM Asset Data Dictionary uses jetty-http-9.4.48.v20220622.jar which is vulnerable to CVE-2024-6763. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable,...
Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Microsoft LightGBM could allow a remote attacker to execute arbitrary code on the system.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Microsoft LightGBM could allow a remote attacker to execute arbitrary code on the system.. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: Vulnerability in Apache Solr (lucene), Apache ZooKeeper and Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-9823, CVE-2024-47554)
Summary There is a potential denial of service with Apache Commons IO, Eclipse Jetty that affect Apache Solr lucene, Apache ZooKeeper and Logstash used by IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty'...
Security Bulletin: IBM Maximo Application Suite uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565.
Summary IBM Maximo Application Suite uses nanoid-3.3.7.tgz which is vulnerable to CVE-2024-55565. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values...
Security Bulletin: IBM Maximo Application Suite uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195.
Summary IBM Maximo Application Suite uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated...
Security Bulletin: IBM Maximo Application Suite - IoT uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195.
Summary IBM Maximo Application Suite - IoT uses requests-2.31.0-py3-none-any.whl which is vulnerable to CVE-2024-35195. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local...
Security Bulletin: Vulnerabilities in Apache Solr (lucene) affect IBM Operations Analytics - Log Analysis (CVE-2025-24814, CVE-2024-52012)
Summary There are vulnerabilities in privilege escalation and arbitrary filepath write-access that affect Apache Solr used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2025-24814 DESCRIPTION: Core creation allows users to replace "trusted" configset files with...
Security Bulletin: Multiple vulnerabilities in Apache Solr (lucene) affects IBM Operations Analytics - Log Analysis (CVE-2023-50386, CVE-2023-50298, CVE-2023-50292, CVE-2023-50291)
Summary There are vulnerabilities in backup/restore APIs, Solr streaming expressions, and Apache Solr schema designer that affect Apache Solr used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2023-50386 DESCRIPTION: Improper Control of Dynamically-Managed Code...
Security Bulletin: Vulnerability in PHP might affect IBM Storage Sentinel Anomaly Scan Engine.
Summary Vulnerabilities in PHP might affect IBM Storage Sentinel Anomaly Scan Engine. A remote attacker can execute arbitrary OS commands, obtain sensitive information, bypass security restrictions, and cause denial of service as described by the CVEs in the "Vulnerability Details" section...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and iFix Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importi...
Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2022-23491]
Summary The certifi package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2022-23491 Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that...
Security Bulletin: IBM i is vulnerable to an out-of-bounds write in NTP services due to multiple vulnerabilities.
Summary IBM i is vulnerable to an out-of-bounds write due to a flaw in mstolfp.c in NTP CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, and CVE-2023-26554 as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerabilities as described in t...
Security Bulletin: IBM Aspera Faspex 5 is vulnerable to cross-site scripting (CVE-2025-3423)
Summary IBM Aspera Faspex 5 is vulnerable to DOM-based cross-site scripting. Attackers could use this vulnerability to trick users into opening malicious URLs, allowing client-side scripts to process and execute at the user's browser. Vulnerability Details CVEID:CVE-2025-3423 DESCRIPTION: IBM...
Security Bulletin: IBM Aspera Desktop App has multiple vulnerabilities related to Open Source dependencies (CVE-2025-27789 and CVE-2025-24010 )
Summary IBM Aspera Desktop App is affected by inefficient regular expression complexity which can cause excessive CPU cycles and lack of validation on the Origin header which could cause an unauthorized access to any functionality accessible to the communication source. These vulnerabilities have...
Security Bulletin: IBM Sterling Connect:Direct Web Services 6.1 is affected by PostgreSQL vulnerability.
Summary IBM Connect:Direct Web Services uses PostgreSQL and is vulnerable to CVE-2025-1094. Vulnerability Details CVEID:CVE-2025-1094 DESCRIPTION: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.0.1
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.0.1 Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding'...
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2024-56346, CVE-2024-56347)
Summary UPDATED 4/10: The included README was updated for clarity. Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands CVE-2024-56346, CVE-2024-56347. Vulnerability Details CVEID:CVE-2024-56346 DESCRIPTION: IBM AIX nimesis NIM master service could allow a remote...
Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel...
Security Bulletin: IBM QRadar Wincollect agent is vulnerable to denial of service ( CVE-2024-51461)
Summary IBM QRadar Wincollect agent is vulnerable to denial of service. The vulnerability have been addressed in the latest update. Vulnerability Details CVEID:CVE-2024-51461 DESCRIPTION: IBM QRadar WinCollect Agent could allow a remote attacker to cause a denial of service by interrupting an HTT...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In...
Security Bulletin: IBM Sterling Control Center is affected by sensitive information within URLs may be logged (CVE-2023-43035)
Summary Sensitive information may be logged Session token is passing in the URL within URLs is affecting IBM Sterling Control Center v6.2.1.0, v6.3.1.0 and v6.4.0.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2023-43035 DESCRIPTION:...
Security Bulletin: IBM Sterling Control Center is affected by improper input validation (CVE-2023-42007)
Summary Improper input validation is impacting IBM Sterling Control Center v6.4.0.0, v6.3.1.0 and v6.2.1.0. User supplied input is getting reflected as it is in the response without being validated at sever end. Customers must upgrade to latest patch below to address this vulnerability...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities reported in Jetty server (CVE-2024-8184, CVE-2024-6763)
Summary Multiple vulnerabilities over Eclipse Jetty is affecting IBM Sterling Control Center v6.3.1.0 and v6.4.0.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service...