35661 matches found
Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to jinja is an extensible templating engine.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to jinja is an extensible templating engine. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible...
Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to authenticate a server may fail to notice that the server was not authenticated.
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component vulnerable to Clients that enable server-side raw public keys can still find out that raw public key verification. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM DataPower Gateway vulnerable to denial of service and remote code execution through use of Redis
Summary IBM DataPower Gateway uses Redis internally for gateway peering. Vulnerability Details CVEID:CVE-2024-46981 DESCRIPTION: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and...
Security Bulletin: Multiple vulnerabilities exists in Spring and Xstream affect IBM Tivoli Network Configuration Manager
Summary Multiple vulnerabilities exists in Spring and Xstream affect IBM Tivoli Network Configuration Manager ITNCM IP Edition v6.4.2. Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are...
Security Bulletin: Multiple vulnerabilities exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.
Summary Multiple vulnerabilitis exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager ITNCM IP Edition v6.4.2. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with networ...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2025-24514, CVE-2025-1097, CVE-2025-1098)
Summary IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities where a user that can create or update Ingress objects can use the nginx.ingress.kubernetes.io/auth-url annotation CVE-2025-24514 or the nginx.ingress.kubernetes.io/auth-tls-match-cn...
Security Bulletin: Multiple Java Vulnerabilities in IBM Event Streams
Summary Multiple Java SE vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
Security Bulletin: IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. The update addresses these issues. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certa...
Security Bulletin: Vulnerable Version Of Software In Use for watsonx Code Assistant On Prem product
Summary Watsonx Code Assistant On Prem product uses version of Python which has a known vulnerability Vulnerability Details CVEID:CVE-2024-0450 DESCRIPTION: Python CPython is vulnerable to a denial of service, caused by improper input validation by the zipfile module. By persuading a victim to op...
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 21 (4.2.0.21)
Summary IBM Tivoli Network Manager IP Edition version 4.2 Fix Pack 21 4.2.0.21 Core components carries a JRE version which is affected by multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerabili...
Security Bulletin: IBM Content Navigator is vulnerable to cross-site scripting
Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID:CVE-2024-56341 DESCRIPTION: IBM Content Navigator is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus...
Security Bulletin: IBM DataPower Gateway vulnerable to denial of service due to rustls
Summary Rustls is used in gateway peering Vulnerability Details CVEID:CVE-2024-11738 DESCRIPTION: A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service panic via a fragmented TLS ClientHello message. CWE:CWE-248: Uncaught Exception CVSS Source:...
Security Bulletin: IBM DataPower Gateway vulnerable to naming confusion (CVE-2024-12224)
Summary idna is used in the GitOps feature. Vulnerability Details CVEID:CVE-2024-12224 DESCRIPTION: idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal...
Security Bulletin: IBM Watson Speech Services Cartridge v5.1.1 is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge v5.1.1 is vulnerable to multiple Operator package issues.. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below...
Security Bulletin: IBM Watson Speech Services Cartridge v5.1.1 is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2019-12900...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a man-in-the-middle attack in OpenSSL [CVE-2024-12797]
Summary IBM Watson Speech Services Cartridge is vulnerable to a man-in-the-middle attack in OpenSSL, caused by a failure to abort TLS/DTLS handshakes in RFC7250 Raw Public Key RPK authentication CVE-2024-12797. OpenSSL is used by our Speech runtimes. This vulnerabilitiy has been addressed. Please...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar [CVE-2024-28863]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar, caused by the lack of folders count validation CVE-2024-28863. Isaacs node-tar is used by our Speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediation...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar [CVE-2024-28863]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in isaacs node-tar, caused by the lack of folders count validation CVE-2024-28863. Isaacs node-tar is used by our Speech microservices. This vulnerabilitiy has been addressed. Please read the details for remediation...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Golang Go [CVE-2024-34155]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Golang Go, caused by a stack exhaustion in all Parse functions CVE-2024-34155. Golang Go is used by our Speech utilities. This vulnerabilitiy has been addressed. Please read the details for remediation below...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in Golang crypto [CVE-2025-22866]
Summary IBM Watson Speech Services Cartridge is vulnerable to an information disclosure in the Golang crypto/internal/nistec package, due to the usage of a variable time instruction in the assembly implementation of an internal function CVE-2025-22866. Golang crypto is used by our Speech utilitie...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security bypass in Golang crypto [CVE-2024-45341]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security bypass in the crypto/x509 package of the Golang standard library, caused by a faulty certificate URI CVE-2024-45341. Golang is used by our Speech utilities. This vulnerabilitiy has been addressed. Please read the details for...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in Hugging Face Transformers [CVE-2024-11392, CVE-2024-11393, CVE-2024-11394]
Summary IBM Watson Speech Services Cartridge is vulnerable to arbitrary code execution in Hugging Face Transformers, caused by a flaw in the parsing of model files CVE-2024-11392, CVE-2024-11393, CVE-2024-11394. Hugging Face Transformers is used by our Speech runtimes. This vulnerabilitiy has bee...
Security Bulletin: Multiple vulnerabilities disclosed in Netty affect IBM SPSS Analytic Server
Summary Multiple vulnerabilities disclosed in Netty affect IBM SPSS Analytic Server CVE-2025-24970, CVE-2025-25193. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has...
Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2023-45288.
Summary Golang's net/http is used by the CP4D Scheduling Service for http communication. CVE-2023-45288. Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames...
Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-36129.
Summary OpenTelemetry Collector is used by the CP4D Scheduling Service for telemetry collection. CVE-2024-36129. Vulnerability Details CVEID:CVE-2024-36129 DESCRIPTION: OpenTelemetry OpenTelemetry Collector is vulnerable to a denial of service, caused by an unsafe decompression vulnerability. By...
Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to CVE-2024-45506.
Summary HAProxy is used by the CP4D Scheduling Service for multicluster scheduling. CVE-2024-45506. Vulnerability Details CVEID:CVE-2024-45506 DESCRIPTION: HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding...
Security Bulletin: IBM CloudPak for Data Scheduling Service is vulernable to IBM X-Force ID: 350626.
Summary GRPC-Go is used by the CP4D Scheduling Service for inter-process communication. IBM X-Force ID: 350626. Vulnerability Details IBM X-Force ID: 350626 DESCRIPTION: gRPC-Go is vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sendi...
Security Bulletin: Multiple vulnerabilities found in IBM TXSeries for Multiplatforms.
Summary IBM TXSeries for Multiplatforms has been updated in order to address multiple vulnerabilities. Vulnerability Details CVEID:CVE-2024-56475 DESCRIPTION: IBM TXSeries for Multiplatforms is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
Security Bulletin: There is a vulnerability in org.eclipse.core.runtime-3.14.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-4218)
Summary There is a vulnerability in org.eclipse.core.runtime-3.14.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to leaking sensitive information due to the ClassGraph package ( CVE-2021-47621 )
Summary ClassGraph is used by DataStage on Cloud Pak for Data as part of the path and module scanning functionality. Vulnerability Details CVEID:CVE-2021-47621 DESCRIPTION: ClassGraph could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...
Security Bulletin: IBM Copy Services Manager may be affected by multiple vulnerabilities due to IBM SDK which are addressed in the Java Technology Edition quarterly updates
Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Patch Update. Although likelihood of these issues being exploited is very low, IBM Copy Services Manager frequently updates product stack to ensure the utmost security is maintained. Vulnerability Details Refer to t...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to systeminformation-5.22.11.tgz CVE-2024-56334. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-56334 DESCRIPTION: systeminformation is a System and OS informati...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-47831
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-47831. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-47831 DESCRIPTION: Vercel Next.js is vulnerable to a denial of service, caused ...
Security Bulletin: A security vulnerability was identified in IBM Jazz Reporting Service (CVE-2024-25051)
Summary A security vulnerability was identified in IBM Jazz Reporting Service, where user sessions are not properly invalidated after logout. Vulnerability Details CVEID:CVE-2024-25051 DESCRIPTION: IBM Jazz Reporting Service does not invalidate session after logout which could allow an...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-51479
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-51479. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-51479 DESCRIPTION: Next.js is a React framework for building full-stack web...
Security Bulletin: There is a vulnerability in jetty-server-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763)
Summary There is a vulnerability in jetty-server-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includ...
Security Bulletin: There is a vulnerability in jetty-http-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-6763)
Summary There is a vulnerability in jetty-http-9.4.53.v20231009.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes...
Security Bulletin: There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-25193)
Summary There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application CVE-2025-25193 Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...
Security Bulletin: There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2024-47535)
Summary There is a vulnerability in netty-common-4.1.101.Final.jar used by IBM Maximo Asset Management application CVE-2024-47535 Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...
Security Bulletin: There is a vulnerability in netty-handler-4.1.101.Final.jar used by IBM Maximo Asset Management application (CVE-2025-24970)
Summary There is a vulnerability in netty-handler-4.1.101.Final.jar used by IBM Maximo Asset Management application CVE-2025-24970 Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version...
Security Bulletin: There is a vulnerability in kafka-clients-3.6.0.jar used by IBM Maximo Asset Management application (CVE-2024-31141)
Summary There is a vulnerability in kafka-clients-3.6.0.jar used by IBM Maximo Asset Management application CVE-2024-31141 Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl CVE-2024-56201
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to jinja2-3.1.4-py3-none-any.whl CVE-2024-56201. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prio...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.7.1.jar CVE-2024-31141
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.7.1.jar CVE-2024-31141. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties,...
Security Bulletin: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients (CVE-2024-47535) affects IBM PowerVM Novalink.
Summary Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients is used by IBM PowerVM Novalink. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on...
Security Bulletin: Vulnerabilities in Java SE (component: Hotspot: CVE-2024-10917, CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208) affect IBM PowerVM Novalink.
Summary Java SE component: Hotspot is used by IBM PowerVM Novalink. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Storage Protect Operations Center (CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917).
Summary IBM Storage Protect Operations Center may be affected by multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8. These vulnerabilities could potentially result in denial-of-service DoS, data loss, and compromise the availability and integrity of the host system...