34921 matches found

IBM Security Bulletins
added 2026/04/27 1:6 p.m. | 10 views

Security Bulletin: IBM Security QRadar Log Management AQL Plugin is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM Security QRadar Log Management AQL Plugin has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-24051 DESCRIPTION:...

CVSS 9.8 | AI score 7 | EPSS 0.00044
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 1:5 p.m. | 1 views

Security Bulletin: Vulnerability in brotli affects IBM Netezza Appliance

Summary The brotli package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-6176 Vulnerability Details CVEID:CVE-2025-6176 DESCRIPTION: Scrapy versions up to 2.13.2 are vulnerable to a denial of service DoS attack due to a flaw in its brotli...

CVSS 7.5 | AI score 5.3 | EPSS 0.00036
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 12:24 p.m. | 6 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Eclipse Jersey Race Condition (CVE-2025-68161)

Summary The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perfor...

CVSS 6.3 | AI score 5.4 | EPSS 0.00029
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 10:31 a.m. | 8 views

Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary IBM Concert Workflows addresses multiple security vulnerabilities that originate from IBM Rapid Infrastructure Automation. IBM Concert Workflows is built on the same underlying technology and provides equivalent core functionality. Vulnerability Details CVEID:CVE-2025-23022 DESCRIPTION:...

CVSS 8.7 | AI score 7.1 | EPSS 0.00101
Exploits: 3 | Affected Software: 2

IBM Security Bulletins
added 2026/04/27 9:35 a.m. | 4 views

Security Bulletin: IBM watsonx.data integration (Data Observability) is vulnerable to node-forge-1.3.1.tgz due to CVE-2025-12816 ( CVE number(s) )

Summary An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security...

CVSS 8.6 | AI score 6.5 | EPSS 0.00071
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 9:3 a.m. | 10 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Spring

Summary There are vulnerabilities in Spring used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-22732, CVE-2026-22735, CVE-2026-22737. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of...

CVSS 9.1 | AI score 6 | EPSS 0.00096
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 8:16 a.m. | 3 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Cross-site scripting (XSS) vulnerability due to Apache Solr

Summary Admin UI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the Solr administrative web interface. CVE-2015-8797. Vulnerability Details CVEID:CVE-2015-8797 DESCRIPTION: Cross-site scripting XSS vulnerability in webapp/web/js/scripts/plugins.js in the stats page i...

CVSS 6.1 | AI score 6.2 | EPSS 0.02074
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 7:59 a.m. | 2 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service and weaker than expected security vulnerabilities in WebSphere Application Server Liberty

Summary WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of the application security stack and security utility. CVE-2025-14923 and CVE-2024-29371. Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty...

CVSS 9.8 | AI score 5.3 | EPSS 0.00035
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 7:44 a.m. | 7 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses lodash-4.17.21.tgz, tomcat-embed-core-10.1.49.jar, Markdown-3.7-py3-none-any.whl, spring-webmvc-6.2.14.jar, torch-2.10.0-cp311-cp311-manylinux_2_28_x86_64.whl, and Flask_HTTPAuth-4.8.0-py3-none-any.whl, which are vulnerable to CVE-2025-13465, CVE-2025-66614,...

CVSS 9.1 | AI score 7 | EPSS 0.00163
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 7:44 a.m. | 7 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses logback-core-1.5.21.jar, spring-web-6.2.14.jar, pygments-2.19.2-py3-none-any.whl, and cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl, which are vulnerable to CVE-2026-1225, CVE-2026-22735, CVE-2026-4539, and CVE-2026-34073. This bulletin contains information...

CVSS 6.3 | AI score 4.6 | EPSS 0.00092
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 7:43 a.m. | 7 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-14923, CVE-2025-14915, CVE-2024-29371, CVE-2026-1561, CVE-2026-29063, CVE-2025-14917. This has been addressed in the remediation section. Vulnerability...

CVSS 9.8 | AI score 7.9 | EPSS 0.0008
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 7:43 a.m. | 7 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses mlflow-3.1.0-py3-none-any.whl, fast-xml-parser-4.5.3.tgz, nltk-3.9.1-py3-none-any.whl, tar-7.4.3.tgz, tar-7.5.9.tgz, PyJWT-2.10.1-py3-none-any.whl, pyasn1-0.6.2-py3-none-any.whl, fast-xml-parser-5.3.6.tgz, jackson-core-2.19.4.jar,...

CVSS 8.8 | AI score 7.8 | EPSS 0.18428
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 7:43 a.m. | 10 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary Maximo AI Service uses nltk-3.9.1-py3-none-any.whl, mlflow-3.1.0-py3-none-any.whl, and spring-security-web-6.5.7.jar, which are vulnerable to CVE-2025-14009, CVE-2026-2635, CVE-2026-0848, and CVE-2026-22732. This bulletin contains information regarding how to address the vulnerabilities...

CVSS 10 | AI score 9.8 | EPSS 0.01519
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 7:14 a.m. | 3 views

Security Bulletin: Carbon Charts React Router Security Vulnerabilities

Summary Carbon Charts versions prior to v1.27.8 include a vulnerable version of React Router that is susceptible to five security vulnerabilities CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030 with severity ranging from Medium to High CVSS 6.1 to 8.2. These...

CVSS 8.2 | AI score 5.9 | EPSS 0.00048
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 7:10 a.m. | 5 views

Security Bulletin: Carbon Charts lodash-es Security Vulnerabilities

Summary Carbon Charts versions prior to 1.27.8 include lodash-es version 4.17.23, which contains two security vulnerabilities: a prototype pollution vulnerability CVE-2026-2950, CVSS 5.3 in the _.unset and _.omit functions that allows deletion of properties from built-in prototypes, and a critical...

CVSS 9.8 | AI score 6.6 | EPSS 0.00044
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 6:31 a.m. | 5 views

Security Bulletin: Multiple security vulnerabilities related to Angular and JJWT have been fixed in IBM Informix HQ 3.2.2.

Summary IBM Informix HQ versions before 3.2.2 are affected by several security flaws in third-party components Angular and JJWT. These vulnerabilities have been fixed in IBM Informix HQ 3.2.2. Vulnerability Details CVEID:CVE-2026-27970 DESCRIPTION: Angular is a development platform for building...

CVSS 8.5 | AI score 6.7 | EPSS 0.00391
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/04/27 6:29 a.m. | 3 views

Security Bulletin: Due to the use of Perl, IBM Tivoli Network Manager IP Edition (ITNM) is affected by vulnerable version of Zlib within Perl.

Summary Perl is used by IBM Tivoli Network Manager IP Edition ITNM for core agents processing, collectors and general tooling CVE-2026-4176. Vulnerability Details CVEID:CVE-2026-4176 DESCRIPTION: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9...

CVSS 9.8 | AI score 5.3 | EPSS 0.00041
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 11:47 p.m. | 8 views

Security Bulletin: Multiple Vulnerabilities in Hyper-Converged Database

Summary Multiple vulnerabilities were addressed in Hyper-Converged Database version 1.2.5 Vulnerability Details CVEID:CVE-2024-56433 DESCRIPTION: shadow-utils aka shadow 4.4 through 4.17.0 establishes a default /etc/subuid behavior e.g., uid 100000 through 165535 for the first user account that c...

CVSS 7.1 | AI score 6.8 | EPSS 0.3466
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 11:3 p.m. | 4 views

Security Bulletin: IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability (CVE-2026-6389)

Summary IBM Turbonomic Prometurbo is an agent used by IBM Turbonomic Application Resource Management to integrate with Prometheus to collect application metrics and send them to Turbonomic for analysis and generation of optimization plans. A security vulnerability has been addressed in the IBM...

CVSS 8.8 | AI score 5.5 | EPSS 0.00013
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 5:45 p.m. | 5 views

Security Bulletin: InfoSphere Data Architect (IDA) is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in InfoSphere Data Architect IDA 9.2.0 . The vulnerabilities have been addressed in 9.2.1 version. Hence, IBM strongly recommends upgrading to 9.2.1 Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since releas...

CVSS 9.8 | AI score 6.5 | EPSS 0.43407
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 5:45 p.m. | 6 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.1 Vulnerability Details CVEID:CVE-2026-33916 DESCRIPTION: Handlebars provides the power necessary to let users build...

CVSS 9.8 | AI score 7.1 | EPSS 0.0024
Exploits: 7 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 4:22 p.m. | 4 views

Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub

Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1 Patch 3 Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected...

CVSS 9.8 | AI score 5.9 | EPSS 0.00035
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 4:6 p.m. | 3 views

Security Bulletin: Platform Navigator in IBM Cloud Pak for Integration is vulnerable to vulnerability in Elliptic

Summary Platform Navigator in IBM Cloud Pak for Integration is vulnerable to a vulnerability in Elliptic. CVE-2025-14505 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-14505 DESCRIPTION: The ECDSA implementation of the Elliptic package generates incorrect signatures if a...

CVSS 5.6 | AI score 5.5 | EPSS 0.00013
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 4:3 p.m. | 5 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in Lodash

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to a vulnerability in Lodash. CVE-2025-13465 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to...

CVSS 7.9 | AI score 5.5 | EPSS 0.00028
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2026/04/24 2:7 p.m. | 9 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules.

Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to multiple node modules. Vulnerability Details CVEID:CVE-2026-33916 DESCRIPTION:...

CVSS 9.8 | AI score 6.5 | EPSS 0.0024
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 12:3 p.m. | 6 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2026 Critical Patch Update. For more information please refer to Oracle's April 2026 CPU Advisory and the CVE links referenced below. Vulnerability Details...

CVSS 7.5 | AI score 5.2 | EPSS 0.00154
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 10:34 a.m. | 3 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager affected by multiple vulnerabilities due to IBM Java and its runtime

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of IBM Java and runtimes CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service,...

CVSS 7.5 | AI score 7.7 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 9:48 a.m. | 6 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to an issue in plexus-utils

Summary There is a vulnerability in plexus-utils used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability ...

CVSS 8.8 | AI score 5.9 | EPSS 0.00427
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 9:6 a.m. | 2 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2022-49846, CVE-2025-21759, CVE-2025-21887, CVE-2025-22004, CVE-2025-37799 Vulnerability Details CVEID:CVE-2022-49846 DESCRIPTION: In the Linux kernel, the following...

CVSS 7.8 | AI score 5.4 | EPSS 0.00279
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 9:3 a.m. | 1 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2023-53373, CVE-2025-38556, CVE-2025-38614, CVE-2025-39757 Vulnerability Details CVEID:CVE-2023-53373 DESCRIPTION: In the Linux kernel, the following vulnerability has been...

CVSS 7.8 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 9:0 a.m. | 1 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-21966, CVE-2025-37749, CVE-2025-21756 Vulnerability Details CVEID:CVE-2025-21966 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: dm-flake...

CVSS 7.8 | AI score 5.9 | EPSS 0.00105
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 8:58 a.m. | 5 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-37803, CVE-2025-38392, CVE-2025-39825 Vulnerability Details CVEID:CVE-2025-37803 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: udmabuf:...

CVSS 7.8 | AI score 5.2 | EPSS 0.00049
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 8:55 a.m. | 9 views

Security Bulletin: Vulnerabilities in httpd affects IBM Netezza Appliance

Summary The httpd package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-58098, CVE-2025-65082, CVE-2025-66200 Vulnerability Details CVEID:CVE-2025-58098 DESCRIPTION: Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled an...

CVSS 8.3 | AI score 7.6 | EPSS 0.00145
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 8:52 a.m. | 3 views

Security Bulletin: Vulnerability in iperf affects IBM Netezza Appliance

Summary The iperf package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-54349. Vulnerability Details CVEID:CVE-2025-54349 DESCRIPTION: In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow...

CVSS 10 | AI score 5.6 | EPSS 0.00291
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 8:48 a.m. | 3 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-21920, CVE-2025-21926, CVE-2025-21997, CVE-2025-22055, CVE-2025-37785, CVE-2025-37943 Vulnerability Details CVEID:CVE-2025-21920 DESCRIPTION: In the Linux kernel, the...

CVSS 7.8 | AI score 5.7 | EPSS 0.00075
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 8:44 a.m. | 4 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-68285, CVE-2025-40154, CVE-2025-39697, CVE-2025-37891, CVE-2025-37849, CVE-2025-21795 Vulnerability Details CVEID:CVE-2025-68285 DESCRIPTION: In the Linux kernel, the...

CVSS 7.8 | AI score 5.9 | EPSS 0.00067
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 8:39 a.m. | 3 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38471, CVE-2025-38250, CVE-2025-38159, CVE-2025-38124, CVE-2024-28956, CVE-2025-21867, CVE-2025-38084, CVE-2025-38085 Vulnerability Details CVEID:CVE-2025-38471...

CVSS 7.8 | AI score 5.9 | EPSS 0.00249
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 8:33 a.m. | 2 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2023-53034, CVE-2025-37761, CVE-2025-40318, CVE-2025-40277, CVE-2025-40258, CVE-2025-40251, CVE-2025-38289, CVE-2025-40141, CVE-2025-37869, CVE-2025-37789, CVE-2025-37819...

CVSS 7.1 | AI score 5.7 | EPSS 0.00082
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 8:29 a.m. | 7 views

Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance

Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38472, CVE-2025-38527, CVE-2025-38718, CVE-2025-39682, CVE-2025-39698 Vulnerability Details CVEID:CVE-2025-38472 DESCRIPTION: In the Linux kernel, the following...

CVSS 8.8 | AI score 5.5 | EPSS 0.00084
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/24 6:34 a.m. | 4 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza Appliance

Summary The OpenSSL package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-9230 Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can...

CVSS 7.5 | AI score 7.9 | EPSS 0.00041
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 7:33 p.m. | 9 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.3 Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as...

CVSS 9.9 | AI score 6 | EPSS 0.0008
Exploits: 9 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 6:9 p.m. | 5 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF02 Vulnerability Details CVEID:CVE-2025-14831 DESCRIPTION: A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory...

CVSS 8.8 | AI score 6.2 | EPSS 0.00059
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 6:7 p.m. | 2 views

Security Bulletin: Inadequate Pod Communication Restrictions, affects watsonx.data

Summary A security vulnerability has been identified in IBM watsonx.data due to insufficient restrictions on inter-pod communication. This misconfiguration may allow unauthorized data transfer between pods within the environment. Vulnerability Details CVEID:CVE-2025-36180 DESCRIPTION: IBM Lakehou...

CVSS 7.5 | AI score 5.6 | EPSS 0.00056
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 6:4 p.m. | 4 views

Security Bulletin: IBM Guardium Data Protection is affected by a single vulnerability (CVE-2025-5115)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-5115 DESCRIPTION: In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for exampl...

CVSS 7.7 | AI score 7 | EPSS 0.00529
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 6:1 p.m. | 5 views

Security Bulletin: IBM Guardium Data Protection is affected by a single vulnerability (CVE-2025-8916)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy...

CVSS 6.3 | AI score 7.2 | EPSS 0.00092
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 5:56 p.m. | 9 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows a remote attacker to cause a hang or...

CVSS 8.2 | AI score 6.5 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 4:46 p.m. | 8 views

Security Bulletin: Enterprise Content Management System Monitor for March 2026 - multiple CVEs

Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

CVSS 9.8 | AI score 7.3 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 4:28 p.m. | 2 views

Security Bulletin: vulnerability addressed in IBM Big Replicate LiveData Migrator 3.4

Summary The libraries affected include Aircompressor. Dependency packages are being used by IBM Big Replicate LiveData Migrator. This bulletin describes the upgrades necessary to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-36114 DESCRIPTION: Aircompressor is a library with...

CVSS 8.6 | AI score 5.7 | EPSS 0.00195
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 2:16 p.m. | 3 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-33750)

Summary IBM Security SOAR uses an older version of the brace-expansion component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.2 Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION...

CVSS 7.5 | AI score 5.7 | EPSS 0.00028
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2026/04/23 2:15 p.m. | 2 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-33532)

Summary IBM Security SOAR uses an older version of the YAML component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.2 Vulnerability Details CVEID:CVE-2026-33532 DESCRIPTION: yaml is a...

CVSS 4.3 | AI score 5.8 | EPSS 0.00025
Exploits: 1 | Affected Software: 1

Total number of security vulnerabilities: 34921