35665 matches found
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.
Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2024-7264, CVE-2024-9681 Vulnerability Details CVEID:CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 11.6.1. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted...
Security Bulletin: IBM Security SOAR is using components with multiple known vulnerabilities (CVE-2024-21235, CVE-2024-21217, CVE-2024-21210, CVE-2024-21208, CVE-2024-10917)
Summary IBM Security SOAR uses an older version of Java that may be identified and exploited. An update has been released which addresses these issues. It is recommended that customers upgrade to Version 51.0.5.0 or later of IBM Security SOAR. AppHost users should upgrade to version 1.15.3.2 or...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for February 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF001 and IBM Business Automation Insights 24.0.0-IF002 Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management...
Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard.
Summary There are multiple vulnerabilities in the Java SE version that is shipped with IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot...
Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Advanced.
Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Advanced. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult...
Security Bulletin: Vulnerability in Flask affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [ CVE-2023-30861]
Summary The Flask package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2023-30861 Vulnerability Details CVEID:CVE-2023-30861 DESCRIPTION: Pallets Flask could allow a remote attacker to obtain sensitive information, caused by...
Security Bulletin: Due to use of go-git, IBM Instana Observability is vulnerable to a denial of service and argument injection vulnerability.
Summary go-git is used by IBM Instana Observability CVE-2025-21613, CVE-2025-21614 Vulnerability Details CVEID:CVE-2025-21613 DESCRIPTION: go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to...
Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.
Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server. have been remediated Vulnerability Details CVEID:CVE-2024-45086 DESCRIPTION: IBM WebSphere Application Server is vulnerable to an XML external...
Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-40094
Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM Business Automation Workflow Process Federation Server and User Management Service. IBM WebSphere Application Server Liberty is also the foundation of many images in IBM Business Automation Workflow on Containers. I...
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing
Summary IBM Event Processing was affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. CWE:CWE-835: Loop...
Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2024-7254
Summary IBM Business Automation Workflow traditional includes optional components running on WebSphere Liberty: User Management Service and Process Federation Service. IBM Business Automation Workflow on Containers builds upon WebSphere Liberty, too. A security vulnerability has been reported for...
Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.
Summary IBM Event Endpoint Management is affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service...
Security Bulletin: There is a vulnerability in xmlbeans-2.6.0.jar used by IBM SPSS Collaboration and Deployment Service (CVE-2021-23926)
Summary There is a vulnerability in xmlbeans-2.6.0.jar used by IBM SPSS Collaboration and Deployment Service CVE-2021-23926 Vulnerability Details CVEID:CVE-2021-23926 DESCRIPTION: Apache XMLBeans is vulnerable to a denial of service, caused by an XML external entity XXE error when processing XML...
Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed
Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2019-9169 DESCRIPTION: GNU glibc is vulnerable to a heap-based buffer overflow, caused by a buff...
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Information Exposure Through Error Message (CVE-2024-39725)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Information Exposure Through Error Message CVE-2024-39725. Vulnerability Details CVEID:CVE-2024-39725 DESCRIPTION: IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacke...
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download (CVE-2024-41771) and Archive File Download (CVE-2024-41770)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Temporary File Download CVE-2024-41771 and Archive File Download CVE-2024-41770. Vulnerability Details CVEID:CVE-2024-41770 DESCRIPTION: IBM Engineering Requirements Management DOORS Next could allow a remote attacker to...
Security Bulletin: Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services (CVE-2023-20863)
Summary Vulnerability in Spring Framework affects IBM SPSS Collaboration and Deployment Services CVE-2023-20863 Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially...
Security Bulletin: Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services [CVE-2022-46337]
Summary Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services CVE-2022-46337 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in...
Security Bulletin: Vulnerability in IBM WebSphere Application Server affect IBM Cloud Pak System [CVE-2024-26026]
Summary Vulnerability in IBM WebSphere Application Server Liberty affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of...
Security Bulletin: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass affects watsonx.data
Summary Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-45337 DESCRIPTION: Applications and libraries which misuse connection.serverAuthenticate...
Security Bulletin: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability affects watsonx.data
Summary Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat, which could affect watsonx.data. Vulnerability Details CVEID:CVE-2024-56337 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from...
Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow Advanced - CVE-2024-54179
Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2024-54179 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript co...
Security Bulletin: Multiple Vulnerabilities in IBM Events Operator
Summary Multiple vulnerabilities were addressed in IBM Events Operator version 5.1.0 Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints. By...
Security Bulletin: Vulnerability in Werkzeug affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-25577, CVE-2023-23934]
Summary The Werkzeug package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-25577, CVE-2023-23934. Vulnerability Details CVEID:CVE-2023-25577 DESCRIPTION: Pallets Werkzeug is vulnerable to a denial of service, caused by ...
Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities
Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, a debug protection vulnerability has been addressed. Please refer to the table in the...
Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities
Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, a vulnerability related to Source Code Obfuscation has been addressed. Please refer to...
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to Xml Entity Injection (CVE-2024-39726)
Summary IBM Engineering Requirements Management DOORS Next is vulnerable to Xml Entity Injection CVE-2024-39726. Vulnerability Details CVEID:CVE-2024-39726 DESCRIPTION: IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection...
Security Bulletin: ThoughtWorks XStream CVE-2024-47072 security vulnerability in FileNet Content Manager (FNCM) Content Search Services (CSS)
Summary ThoughtWorks XStream CVE-2024-47072 security vulnerability in FileNet Content Manager FNCM Content Search Services CSS Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow in BinaryStreamDriver. By...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high...
Security Bulletin: Multiple security vulnerabilities in Cloud Pak foundational services are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF001
Summary IBM Cloud Pak for Business Automation 24.0.1-IF001 updates the version of IBM Cloud Pak foundational services to address multiple security vulnerabilities. Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: expressjs express is vulnerable to cross-site scripting, caused by improper...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to golang.org/x/net/html, libxml2 and openssl
Summary golang.org/x/net/html, libxml2, openssl, IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service by crafting an input to the Parse functions, and providing weaker than expected security which might allow an attacker to access potentially...
Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450)
Summary The Knowledge Center Component used in Version 9 of the WebSphere Application Server needs an updated Apache Commons Collections library. Vulnerability Details CVEID:CVE-2015-7450 DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT...
Security Bulletin: IBM MQ is affected by multiple vulnerabilities in the IBM Runtime Environment, Java Technology Edition
Summary Multiple issues were identified with IBM Runtime Environment, Java Technology Edition, version 8 which is shipped with IBM MQ. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated...
Security Bulletin: IBM MQ Console is affected by a command injection vulnerability (CVE-2025-0975)
Summary IBM MQ has addressed a command injection vulnerability in the MQ Console Vulnerability Details CVEID:CVE-2025-0975 DESCRIPTION: IBM MQ console could allow an authenticated user to execute code due to improper neutralization of escape characters. CWE:CWE-150: Improper Neutralization of...
Security Bulletin: IBM MQ is affected by a denial of service vulnerability (CVE-2025-23225)
Summary IBM MQ has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-23225 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. CWE:CWE-230: Improper Handling of Missin...
Security Bulletin: IBM MQ Console is affected by a password disclosure vulnerability (CVE-2024-54173)
Summary IBM MQ Console has addressed a password disclosure vulnerability Vulnerability Details CVEID:CVE-2024-54173 DESCRIPTION: IBM MQ reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enabled. CWE:CWE-1323: Improper Management o...
Security Bulletin: IBM MQ affected by denial of service vulnerability (CVE-2024-54175)
Summary IBM MQ has addressed a denial of service vulnerability Vulnerability Details CVEID:CVE-2024-54175 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. CWE:CWE-754: Improper Check for Unusual or Exceptiona...
Security Bulletin: IBM MQ Appliance Console is affected by code injection vulnerability (CVE-2025-0975)
Summary IBM MQ Appliance has addressed a code injection vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2025-0975 DESCRIPTION: IBM MQ console could allow an authenticated user to execute code due to improper neutralization of escape characters. CWE:CWE-150: Improper...
Security Bulletin: IBM MQ Appliance is affected by multiple Java vulnerabilities (CVE-2024-10197, CVE-2024-21208 and CVE-2024-21217)
Summary IBM MQ Appliance has addressed multiple Java vulnerabilities. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...
Security Bulletin: IBM MQ Appliance is affected by Linux kernel vulnerabilities (CVE-2024-53088 and CVE-2024-53122)
Summary IBM MQ Appliance has addressed Linux kernel vulnerabilities. Vulnerability Details CVEID:CVE-2024-53088 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e...
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2025-23225)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-23225 DESCRIPTION: IBM MQ could allow an authenticated user to cause a denial of service due to the improper handling of invalid headers sent to the queue. CWE:CWE-230: Improper Handling...
Security Bulletin: IBM MQ Appliance affected by a denial of service vulnerability (CVE-2024-54175)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2024-54175 DESCRIPTION: IBM MQ could allow a local user to cause a denial of service due to an improper check for unusual or exceptional conditions. CWE:CWE-754: Improper Check for Unusual or...
Security Bulletin: IBM MQ Appliance Console is affected by a sensitive information disclosure vulnerability (CVE-2024-54173)
Summary IBM MQ Appliance has addressed a sensitive information disclosure vulnerability in the IBM MQ Console. Vulnerability Details CVEID:CVE-2024-54173 DESCRIPTION: IBM MQ reveals potentially sensitive information in trace files that could be read by a local user when webconsole trace is enable...
Security Bulletin: IBM Software Support mobile app is vulnerable to multiple vulnerabilities due to 3rd party software
Summary This release includes information about multiple vulnerabilities, improving the overall security and stability of the application. The types of vulnerabilities resolved include: Cross-Site Scripting XSS Vulnerability: Addressed an issue that could allow an attacker to inject malicious...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restriction bypass in Golang Go [CVE-2024-45337]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security restriction bypass in Golang Go, caused by misuse of ServerConfig.PublicKeyCallback in x/crypto/ssh CVE-2024-45337. Golang Go is used by our Speech Utilities. This vulnerabilitiy has been addressed. Please read the details f...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in golang-jwt [CVE-2024-51744]
Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in golang-jwt, caused by improper error handling in ParseWithClaims CVE-2024-51744. Golang-jwt is used in our Watson Speech Utilities. This vulnerabilitiy has been addressed. Please read the details for...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in PostgreSQL [CVE-2023-39418]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security restrictions bypass in PostgreSQL, caused by failing to enforce UPDATE or SELECT row security policies in MERGE command CVE-2023-39418. PostgreSQL is used in our Watson Speech Utilities. This vulnerabilitiy has been addresse...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git [CVE-2025-21614]
Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git, due to a weakness in Git server allowing crafted responses which may cause resource exhaustion CVE-2025-21614. Go-Git is used in our watson-speech-catalog images. This vulnerabilitiy has been addressed...