35661 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2®. (January 2025 CPU)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.24 and earlier, 8.0.8.35 and earlier, and IBM Semeru Version 21.0.5.0 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in January 2025. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2024-40094.
Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty which is vulnerable to CVE-2024-40094. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is...
Security Bulletin: IBM Maximo Application Suite - IoT uses multiple dependencies which is vulnerable to CVEs.
Summary IBM Maximo Application Suite - IoT uses pip-9.0.3.dist-info, urllib3-1.24.2-py3.6.egg-info, setuptools-39.2.0.dist-info which is vulnerable to CVE-2019-20916, CVE-2023-43804, CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Detai...
Security Bulletin: IBM Maximo Application Suite - IoT uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184.
Summary IBM Maximo Application Suite uses cxf-core-3.6.4.jar which is vulnerable to CVE-2025-23184. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in...
Security Bulletin: IBM Maximo Application Suite uses UI: Bypass Client-Side Validation which is vulnerable to CVE-2023-43037.
Summary IBM Maximo Application Suite uses UI: Bypass Client-Side Validation which is vulnerable to CVE-2023-43037. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-43037 DESCRIPTION: IBM Maximo Application Suite could allow an...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to an improper resolution of path equivalence due to Apache Tomcat (CVE-2025-24813)
Summary IBM Integration Bus for z/OS is vulnerable to an improper resolution of path equivalence due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious...
Security Bulletin: Vulnerabilities in Linux Kernel, MongoDB, Python, Samba, OpenSSL and cURL libcurl affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in libcurl, MongoDB, Python, Samba, OpenSSL and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, remote execution of arbitrary code and bypassing...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle Oct 2024 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
Security Bulletin: There is a vulnerability in pandas-2.2.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-9880)
Summary There is a vulnerability in pandas-2.2.3-cp311-cp311-manylinux217x8664.manylinux2014x8664.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-9880 DESCRIPTION: Rejected reason: This CVE ID has been rejected or withdrawn by its CV...
Security Bulletin: IBM Software Support mobile app is vulnerable to multiple vulnerabilities due to 3rd party software
Summary This release includes information about multiple vulnerabilities, improving the overall security and stability of the application. The types of vulnerabilities resolved include: Axios Vulnerability: Addressed an issue that could potentially cause SSRF and credential leakage server and...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.7.
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.7. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 292 Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: There is a vulnerability in jinja2-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-27516)
Summary There is a vulnerability in jinja2-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed...
Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities
Summary Multiple security vulnerabilities in the dependent components have been addressed in the latest update to IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute...
Security Bulletin: IBM Storage Protect Server is vulnerable to authorization bypass attack due to Golang Go (CVE-2024-45337)
Summary Golang Go is used by the IBM Storage Protect Server OSSM component and is vulnerable to an authorization bypass attack due to a security issue in golang.org/x/crypto. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse...
Security Bulletin: Race Condition in Waitress WSGI Server Can Lead to Resource Exhaustion (Fixed in >= 3.0.1)
Summary Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer
Summary There are multiple vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2024 Critical Pat...
Security Bulletin: Due to use of WebSphere Liberty, IBM Cloud Pak Sys is vulnerable to a Denial of Service
Summary WebSphere Liberty is used by IBM Cloud Pak System as part of the WebSphere Liberty pattern type using GraphQL Java CVE-2024-40094. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java aka graphql-java is vulnerable to a denial of service, caused by the failure to properly...
Security Bulletin: A Netty vulnerability affects Rational Test Virtualization Server / DevOps Virtualization and Rational Performance Test Server / DevOps Test Performance Test Server ( CVE-2024-47535 )
Summary Rational Test Virtualization Server / DevOps Virtualization and Rational Performance Test Server / DevOps Test Performance Test Server are vulnerable to a denial of service due to a vulnerability in Netty CVE-2024-47535 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an...
Security Bulletin: A Netty vulnerability affects Rational Test Workbench / DevOps Test Workbench ( CVE-2024-47535 )
Summary Rational Test Workbench / Devops Test Workbench are vulnerable to a denial of service due to a vulnerability in Netty CVE-2024-47535 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server Liberty container shipped with containerized IBM Security Guardium Key Lifecycle Manager 5.0 (GKLM) (CVE-2024-10963)
Summary WebSphere Application Server Liberty container is shipped as a component of containerized IBM Security Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server Liberty container has been published in a security bulletin...
Security Bulletin: There is a vulnerablity in the object-path library affecting IBM watsonx Code Assistant IDE Extensions
Summary There is a vulnerablity in the object-path library affecting IBM watsonx Code Assistant IDE Extensions. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2021-23434 DESCRIPTION: Node.js object-path module could allow a remote attack...
Security Bulletin: IBM Maximo Application Suite - IoT uses multiple third party dependencies which is vulnerable to CVEs.
Summary IBM Maximo Application Suite - IoT uses pip-22.3.1.dist-info, zipp-3.18.1.dist-info, jinja2-3.1.4.dist-info, jinja2-3.1.4.dist-info, pip-20.2.4.dist-info, cryptography-44.0.0.dist-info, urllib3-1.26.18.dist-info, ansiblecore-2.15.11.dist-info, ansiblecore-2.15.11.dist-info,...
Security Bulletin: IBM Maximo Application Suite - IoT uses spring-context-5.3.39.jar which is vulnerable to CVE-2024-38820.
Summary IBM Maximo Application Suite - IoT uses spring-context-5.3.39.jar which is vulnerable to CVE-2024-38820. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: VMware Tanzu Spring Framework could provide weak...
Security Bulletin: IBM Maximo Application Suite uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to CVE-2024-37891.
Summary IBM Maximo Application Suite uses urllib3-1.26.18-py2.py3-none-any.whl which is vulnerable to CVE-2024-37891. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated...
Security Bulletin: IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.
Summary IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2024-21538]
Summary Node.js module cross-spawn is used by IBM App Connect Enterprise Certified Container when handling internal metrics. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability ...
Security Bulletin: IBM Maximo Application Suite uses "golang.org/x/net/html, crypto/internal/nistec, net/http, crypto/x509" which is vulnerable to "CVE-2024-45338, CVE-2025-22866, CVE-2024-45336, CVE-2024-45341"
Summary IBM Maximo Application Suite uses "golang.org/x/net/html, crypto/internal/nistec, net/http, crypto/x509" which is vulnerable to "CVE-2024-45338, CVE-2025-22866, CVE-2024-45336, CVE-2024-45341". This bulletin contains information regarding the vulnerability and its fixture. Vulnerability...
Security Bulletin: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly affects watsonx.data
Summary The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly. Hense could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase a...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Incorrect Authorization in Vault (CVE-2023-24999)
Summary Vault is used by IBM Storage Fusion Data Foundation to handle user authentication. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-24999. Vulnerability Details CVEID:CVE-2023-24999 DESCRIPTION: HashiCorp Vault and Vau...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Cross-site Scripting in Vault (CVE-2023-2121)
Summary Vault is used by IBM Storage Fusion Data Foundation in mcg, ocs, odr, cephcsi, multicluster, and odr operators as part of credential management. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-2121. Vulnerability...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to an Observable Timing Discrepancy in Vault (CVE-2023-25000)
Summary Vault is used by IBM Storage Fusion Data Foundation in mcg, ocs, odr, cephcsi, and odr operators as part of credential management. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-25000. Vulnerability Details...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Improper and Incorrect Authorization and SQL Injection in Vault (CVE-2023-0665, CVE-2023-24999, CVE-2023-0620)
Summary Vault is used by IBM Storage Fusion Data Foundation as part of user authentication. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-0665, CVE-2023-24999, CVE-2023-0620. Vulnerability Details CVEID:CVE-2023-0665...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Path Traversal in Moment.js (CVE-2022-24785)
Summary Moment.js is used by IBM Storage Fusion Data Foundation in noobaa-core-container and Ceph as part of Storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-24785. Vulnerability Details CVEID:CVE-2022-24785...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to an uncontrolled resource consumption in the RHEL UBI (CVE-2023-44487)
Summary HTTP/2 is used by IBM Storage Fusion Data Foundation as part of the RHEL UBI and in assorted other locations. CVE-2023-44487. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to allocation of resources without limits or throttling (rapid reset) in HTTP/2 (CVE-2023-39325)
Summary HTTP/2 is used by IBM Storage Fusion Data Foundation in Golang as part of the intrinsic operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-39325. Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: Golang G...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Uncontrolled Resource Consumption in HTTP/2 via golang (CVE-2022-41723)
Summary HTTP/2 is used by IBM Storage Fusion Data Foundation in golang as a fundamental part of all operators. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-41723. Vulnerability Details CVEID:CVE-2022-41723 DESCRIPTION:...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to uncontrolled recursion in golang (CVE-2022-30631)
Summary Golang is used by IBM Storage Fusion Data Foundation in mcg and cephcsi. as part of the operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30631. Vulnerability Details CVEID:CVE-2022-30631 DESCRIPTION: Golang G...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to the use of insufficiently random values in Golang (CVE-2022-30629)
Summary Golang is used by IBM Storage Fusion Data Foundation as part of the operator's intrinsic functionality. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30629. Vulnerability Details CVEID:CVE-2022-30629 DESCRIPTION:...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Uncontrolled Recursion in golang (CVE-2022-30632)
Summary Golang is used by IBM Storage Fusion Data Foundation in mcg and cephcsi. as part of the operator. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30632. Vulnerability Details CVEID:CVE-2022-30632 DESCRIPTION: Golang G...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to multiple software weaknesses due to Golang
Summary Golang Go is vulnerable to a denial of service, which could allow a remote attacker to conduct query parameter smuggling and could allow a local attacker to execute arbitrary code on the system. Golang is used by IBM Storage Fusion Data Foundation as a core part of operators. This bulleti...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to inconsistent interpretation of HTTP requests in Golang (CVE-2022-1705)
Summary Golang is used by IBM Storage Fusion Data Foundation as a core part of operators. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-1705. Vulnerability Details CVEID:CVE-2022-1705 DESCRIPTION: Golang Go is vulnerable to...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Uncontrolled Recursion in Golang (CVE-2022-30635)
Summary Golang is used by IBM Storage Fusion Data Foundation as part of the operator's intrinsic functionality. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30635. Vulnerability Details CVEID:CVE-2022-30635 DESCRIPTION:...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to improper removal of sensitive information before storage or transfer in the console (CVE-2022-1650)
Summary EventSource is used by IBM Storage Fusion Data Foundation in the console as part of data metrics. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-1650. Vulnerability Details CVEID:CVE-2022-1650 DESCRIPTION: EventSourc...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to improper input validation in Ceph (CVE-2023-46159)
Summary Ceph is used by IBM Storage Fusion Data Foundation as storage. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-46159. Vulnerability Details CVEID:CVE-2023-46159 DESCRIPTION: IBM Storage Ceph 5.3z1, 5.3z5, and 6.1z1...
Security Bulletin: Vulnerabilities in Apache Commons IO library affect IBM SPSS Collaboration and Deployment Services
Summary Vulnerabilities in Apache Commons IO library affect IBM SPSS Collaboration and Deployment Services CVE-2024-47554. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Common...
Security Bulletin: There is a vulnerability in netty-handler-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-24970)
Summary There is a vulnerability in netty-handler-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in...
Security Bulletin: There is a vulnerability in CPython used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-7592,CVE-2024-6232,CVE-2024-8775)
Summary There is a vulnerability in CPython used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-7592 DESCRIPTION: There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing...
Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (January 2025)
Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a...
Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to vulnerable to a denial of service due to Netty.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to vulnerable to a denial of service due to Netty.. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchrono...