35661 matches found
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in its dependencies (CVE-2022-45688, CVE-2023-28439, CVE-2023-33201, CVE-2023-41900, CVE-2023-36479, CVE-2023-40167, CVE-2023-36478, )
Summary Multiple vulnerabilities over HuTool, JSON-java, CKEditor4, Bouncy Castle and Eclipse Jetty is affecting IBM Sterling Control Center v6.2.1.0. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2022-45688 DESCRIPTION: Hutool is...
Security Bulletin: Multiple Vulnerabilities in glibc affect Cloud Pak System [CVE-2024-33600, CVE-2024-33601]
Summary Vulnerabilities in glibc affect Cloud Pak System. Vulnerability Details CVEID:CVE-2024-33600 DESCRIPTION: nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's nscd cache fails to add a not-found netgroup response to the cache, the client request can result...
Security Bulletin: Vulnerability in Apache Kafka Clients affects watsonx.data
Summary Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients.These could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege...
Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM SPSS Analytic Server (CVE-2023-38737)
Summary Denial of Service vulnerability in WebSphere Liberty affects IBM SPSS Analytic Server CVE-2023-38737. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerab...
Security Bulletin: Vulnerability in Bootstrap (CVE-2024-6531) affects Power HMC.
Summary The Bootstrap library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-6531 DESCRIPTION: Node.js Bootstrap module is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 1.0.5 Vulnerability Details CVEID:CVE-2023-39326 DESCRIPTION: Golang Go could allow a remote attacker to obtain sensitive information, caused by a flaw in the net/http package. By sending a specially crafted HTTP...
Security Bulletin: IBM Automation Decision Services for Sept 2024 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2023-45288...
Security Bulletin: Rational Test Virtualization Server and Rational Test Workbench are vulnerable to denial of service due to Spring MVC (CVE-2024-38828)
Summary Rational Test Control Panel RTCP component of Rational Test Virtualization Server and Rational Test Workbench uses Spring MVC which is vulnerable to a denial of service attack CVE-2024-38828. Vulnerability Details CVEID:CVE-2024-38828 DESCRIPTION: Spring MVC controller methods with an...
Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service (CVE-2024-53088)
Summary IBM DataPower Gateway uses the ethernet driver on hardware platforms. Vulnerability Details CVEID:CVE-2024-53088 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java and Node.js
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Cloud Transformation Advisor CVE-2019-20916, CVE-2021-37714, CVE-2016-2175, CVE-2025-26791, CVE-2025-1470, CVE-2025-1471. Vulnerability Details CVEID:CVE-2019-20916 DESCRIPTION: pypa pip package for python could allow a...
Security Bulletin: IBM Application Modernization Accelerator is vulnerable to multiple vulnerabilities found in Java and Node.js
Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2025-26791, CVE-2025-1470, CVE-2025-1471. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression,...
Security Bulletin: After deploying IBM Storage Virtualize vSphere Remote Plug-in, credentials used for vSphere admin and registration with IBM Storage Virtualize products may be exposed in the plugin support package (CVE-2023-43029)
Summary The credentials-encrypted key is not unique across all IBM Storage Virtualize vSphere Remote Plugin virtual machine instances deployed from a Fix Central via OVA. It is possible that the credentials for IBM FlashSystem, IBM SAN Volume Controller, IBM Storwize, vSphere admin, and...
Security Bulletin: IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite - IoT Component uses "Apache httpd 2.4" which is vulnerable to multiple CVE's and this bulletin contains information regarding the vulnerability and its fixture Vulnerability Details CVEID:CVE-2019-10082 DESCRIPTION: Apache HTTP Server could allow a remote...
Security Bulletin: IBM Aspera Desktop App is vulnerable to mutation cross-site scripting (mXSS). (CVE-2025-26791)
Summary DOMPurify component is vulnerable to mutation cross-site scripting mXSS which has been addressed in IBM Aspera Desktop App version v1.0.8 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading ...
Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by confidentiality vulnerability (CVE-2015-7399)
Summary WebSphere Message Broker and IBM Integration Bus could allow a potential attacker to identify the technology used to handle incoming HTTP requests Vulnerability Details CVEID: CVE-2015-7399 DESCRIPTION: IBM Integration Bus could allow a potential attacker to identify the technology used t...
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML Jackson (IBM X-Force ID: 256137)
Summary IBM App Connect for Manufacturing is vulnerable to a denial of service due to FasterXML Jackson, caused by improper input validation by the StreamReadConstraints value field Vulnerability Details IBM X-Force ID: 256137 DESCRIPTION: FasterXML Jackson Core is vulnerable to a denial of...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 10 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...
Security Bulletin: Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration
Summary Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration. Affected, not vulnerable. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not...
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Planning Analytics Workspace. For more information about the vulnerability impact, refer to the table in the "Related Information" section. This Security Bulletin relates only to the direct usage of...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917
Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE March 2025 Critical Patch Update affecting IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory...
Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (Nov 2024)
Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to the improper handling of permissions (CVE-2024-51459)
Summary A vulnerability due to the improper handling of permissions in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-51459 DESCRIPTION: IBM InfoSphere Information could allow a local user to execute privileged commands due to the improper handling of...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Apache Axis, CKEditor4 & IBM MQ (CVE-2014-3596, CVE-2018-8032, CVE-2019-0227, CVE-2012-5784, CVE-2021-38986, CVE-2022-22321, CVE-2023-28439)
Summary IBM Sterling Control Center is affected by vulnerabilities in on Apache Axis, CKEditor4 & IBM MQ. Customers must upgrade to latest patch below to address this vulnerability. Vulnerability Details CVEID:CVE-2014-3596 DESCRIPTION: Apache Axis and Axis2 could allow a remote attacker to condu...
Security Bulletin: IBM Security QRadar EDR could allow Unauthorized File Retrieval via SMB (CVE-2024-45644)
Summary IBM Security QRadar EDR allows SMB file downloads, restricted to Administrator and Responder accounts. This behavior follows Windows OS defaults, and documentation will be updated to recommend NTLM restrictions and least privilege access controls. Vulnerability Details CVEID:CVE-2024-4564...
Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15
Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers cou...
Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9.
Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool. Vulnerability Details CVEID:CVE-2025-25184 DESCRIPTION: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be...
Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2025-25283
Summary parse-duration-1.1.0.tgz is used by IBM Support for Hyperledger Fabric Console. Vulnerability Details CVEID:CVE-2025-25283 DESCRIPTION: parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop...
Security Bulletin: AIX is vulnerable to a denial of service (CVE-2025-26466) and a machine-in-the-middle attack (CVE-2025-26465) due to OpenSSH
Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to cause a denial of service CVE-2025-26466 or a machine-in-the-middle attack CVE-2025-26465. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2025-26466 DESCRIPTION: A flaw was found in the OpenSSH...
Security Bulletin: Vulnerability in Buildah affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Buildah has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in GNU Wget affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in GNU Wget has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...
Security Bulletin: Vulnerability in Flatpak affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Flatpak has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Vulnerability in Natural Language Toolkit (NLTK) affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Natural Language Toolkit NLTK has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional...
Security Bulletin: StackOverflow Vulnerability affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential StackOverflow vulnerability has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Multiple OS vulnerabilities affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential Multiple OS vulnerabilities has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: StackOverflow vulnerability affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential StackOverflow vulnerability has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerabilities in Google Chrome affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Google Chrome has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.. The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: Vulnerability in Certifi affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Certifi has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.e . The vulnerability have been addressed. Refer to details for additional information...
Security Bulletin: QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to server-side request forgery (CVE-2024-49822)
Summary QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to to server-side request forgery which may allow an authenticated attacker to send unauthorized requests. This vulnerability has been addressed in the update. Vulnerability Details CVEID:CVE-2024-49822 DESCRIPTION: IBM QRadar...
Security Bulletin: QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. QRadar Advisor With Watson for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could...
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.291 Vulnerability Details CVEID:CVE-2021-20293 DESCRIPTION: RESTEasy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit thi...
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System [CVE-2024-27268]
Summary Vulnerability in WebSphere Application Server Liberty affect Cloud Pak System WebSphere Application Server WAS Patterns. Vulnerability Details CVEID:CVE-2024-27268 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused ...
Security Bulletin: Vulnerability in Flask-Cors affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-1681]
Summary The Flask-Cors package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-1681. Vulnerability Details CVEID:CVE-2024-1681 DESCRIPTION: Flask-CORS could allow a remote attacker to bypass security restrictions, caused ...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to pillow-10.2.0-cp38-cp38-manylinux_2_28_x86_64.whl CVE-2024-28219
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to pillow-10.2.0-cp38-cp38-manylinux228x8664.whl CVE-2024-28219. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-28219 DESCRIPTION: Pillow is vulnerable to a buff...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.111.Final.jar CVE-2024-47535
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to netty-common-4.1.111.Final.jar CVE-2024-47535. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network...
Security Bulletin: IBM Sterling Global Availability Mailbox is affected by a vulnerability in Cassandra Reaper
Summary Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to a denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty CVE-2024-40094
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to a denial of service due to GraphQL Java in IBM WebSphere Application Server Liberty CVE-2024-40094. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-40094...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-45230
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to Django-4.2.15-py3-none-any.whl CVE-2024-28219. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-45230 DESCRIPTION: Django is vulnerable to a denial of service,...
Security Bulletin: IBM Observability with Instana for Self-Hosted Standard Edition is affected by multiple Vulnerabilities
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana for Self-Hosted Standard Edition 291 CVE-2024-45337, CVE-2024-41110, CVE-2024-3596 Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate via...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 291 Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.2 Vulnerability Details CVEID:CVE-2024-21236 DESCRIPTION: Oracle MySQL Server is vulnerable to a denial of service related to the InnoDB component. By sending a specially crafted request, a remote authenticated...