Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-26007)
Summary IBM Security SOAR uses an older version of the cryptography component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.2 Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION:...
Security Bulletin: Due to use of spring-web-6.2.16.jar, IBM Sterling Connect:Direct Web Services is affected by stream corruption issue when using Server-Sent Events (SSE).
Summary spring-web-6.2.16.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22735. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events SSE. This issue affects Spring Foundation...
Security Bulletin: Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4
Summary Multiple vulnerabilities addressed in IBM Big Replicate LiveData Migrator 3.4. The libraries affected include tomcat-embed-core-9.0.108.jar Dependency packages are being used by IBM Big Replicate LiveData Migrator. This bulletin describes the upgrades necessary to address the...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38110, CVE-2025-38086, CVE-2025-37958, CVE-2025-37797, CVE-2025-22121, CVE-2025-22113, CVE-2025-22091, CVE-2025-22085, CVE-2025-21905, CVE-2024-57980 Vulnerability Detail...
Security Bulletin: Vulnerability in net-snmp affects IBM Netezza Appliance
Summary The net-snmp package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-68615. Vulnerability Details CVEID:CVE-2025-68615 DESCRIPTION: net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a speciall...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2022-50087, CVE-2025-22026, CVE-2025-38566, CVE-2025-38571, CVE-2025-39817, CVE-2025-39841, CVE-2025-39849 Vulnerability Details CVEID:CVE-2022-50087 DESCRIPTION: In the Linux...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38449, CVE-2025-22097, CVE-2025-38332, CVE-2025-38352 Vulnerability Details CVEID:CVE-2025-38449 DESCRIPTION: In the Linux kernel, the following vulnerability has been...
Security Bulletin: Vulnerability in libsoup affects IBM Netezza Appliance
Summary The libsoup package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-14523 Vulnerability Details CVEID:CVE-2025-14523 DESCRIPTION: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last...
Security Bulletin: Vulnerabilities in GNU C affects IBM Netezza Appliance
Summary The GNU C package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2026-0915, CVE-2026-0861, CVE-2025-15281 Vulnerability Details CVEID:CVE-2026-0915 DESCRIPTION: Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2024-58002, CVE-2025-38089 Vulnerability Details CVEID:CVE-2024-58002 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove...
Security Bulletin: Vulnerability in glib2 affects IBM Netezza Appliance
Summary The glib2 package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-13601 Vulnerability Details CVEID:CVE-2025-13601 DESCRIPTION: A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the...
Security Bulletin: Vulnerabilities in python affects IBM Netezza Appliance
Summary The python package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-12084, CVE-2025-13836 Vulnerability Details CVEID:CVE-2025-12084 DESCRIPTION: When building nested elements using xml.dom.minidom methods such as appendChild that have a...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-40300, CVE-2025-39849, CVE-2025-39841, CVE-2025-39817, CVE-2025-39718, CVE-2025-38571, CVE-2025-39702, CVE-2025-38566, CVE-2023-53494, CVE-2023-53373, CVE-2022-50367,...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2023-53125, CVE-2025-37810, CVE-2025-38498, CVE-2025-39694 Vulnerability Details CVEID:CVE-2023-53125 DESCRIPTION: In the Linux kernel, the following vulnerability has been...
Security Bulletin: Vulnerability in gnupg affects IBM Netezza Appliance
Summary The gnupg package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-68973 Vulnerability Details CVEID:CVE-2025-68973 DESCRIPTION: In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-8176, CVE-2025-9900 Vulnerability Details CVEID:CVE-2025-8176 DESCRIPTION: A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38087, CVE-2022-49788, CVE-2025-21727, CVE-2025-21928, CVE-2025-21929, CVE-2025-21962, CVE-2025-22020, CVE-2025-37890, CVE-2025-38052 Vulnerability Details...
Security Bulletin: Carbon chart DOMPurify XSS Vulnerabilities (CVE-2025-15599, CVE-2026-0540)
Summary Two cross-site scripting XSS vulnerabilities CVE-2025-15599 and CVE-2026-0540 were identified in the DOMPurify library versions 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8. These vulnerabilities allow attackers to bypass attribute sanitization by exploiting missing rawtext element...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38684, CVE-2025-38500, CVE-2025-38464, CVE-2025-38461, CVE-2025-38350, CVE-2025-38211, CVE-2025-38200, CVE-2025-37823 Vulnerability Details CVEID:CVE-2025-38684...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2026-0719, CVE-2026-1761 Vulnerability Details CVEID:CVE-2026-0719 DESCRIPTION: A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by...
Security Bulletin: Vulnerability in SSSD affects IBM Netezza Appliance
Summary The SSSD package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-11561 Vulnerability Details CVEID:CVE-2025-11561 DESCRIPTION: A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-21863, CVE-2025-40248, CVE-2025-68301 Vulnerability Details CVEID:CVE-2025-21863 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: io_uring:...
Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza Appliance
Summary The OpenSSL package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-69421 Vulnerability Details CVEID:CVE-2025-69421 DESCRIPTION: Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-22058, CVE-2025-37914, CVE-2025-38417 Vulnerability Details CVEID:CVE-2025-22058 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: udp: Fix...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-40300, CVE-2025-39849, CVE-2025-39841, CVE-2025-39817, CVE-2025-39718, CVE-2025-38571, CVE-2025-39702, CVE-2025-38566, CVE-2023-53494, CVE-2023-53373, CVE-2022-50367,...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-40251, CVE-2025-40154, CVE-2025-38568 Vulnerability Details CVEID:CVE-2025-40251 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: devlink:...
Security Bulletin: Vulnerability in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-21991 Vulnerability Details CVEID:CVE-2025-21991 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on...
Security Bulletin: Vulnerability in podman affects IBM Netezza Appliance
Summary The podman package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-47913 Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination o...
Security Bulletin: Due to use of plexus-utils-3.5.1.jar, IBM Sterling Connect:Direct Web Services is affected by Directory Traversal issue.
Summary plexus-utils-3.5.1.jar is used by IBM Sterling Connect:Direct Web Services CVE-2025-67030. Vulnerability Details CVEID:CVE-2025-67030 DESCRIPTION: Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before...
Security Bulletin: Due to use of jackson-core-2.19.4.jar, IBM Sterling Connect:Direct Web Services is affected by Denial of Service (DoS) issue.
Summary jackson-core-2.19.4.jar is used by IBM Sterling Connect:Direct Web Services WS-2026-0003. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength constraint default: 1000 characters defined in StreamReadConstraints...
Security Bulletin: Due to use of jetty-server-12.0.16.jar, IBM Sterling Connect:Direct Web Services is affected by response not compressed issue for corresponding HTTP request, causing the leak.
Summary jetty-server-12.0.16.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-1605. Vulnerability Details CVEID:CVE-2026-1605 DESCRIPTION: In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with...
Security Bulletin: Due to use of IBM SDK, IBM Sterling Connect:Direct Web Services is affected by denial of service.
Summary IBM SDK is used by IBM Sterling Connect:Direct Web Services CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows ...
Security Bulletin: Due to use of spring-security-web-6.5.8.jar, IBM Sterling Connect:Direct Web Services is affected by missing HTTP header in response issue.
Summary spring-security-web-6.5.8.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22732. Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by identity spoofing (CVE-2026-3621)
Summary IBM WebSphere Application Server Liberty is affected by identity spoofing when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is not enabled on the server. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION: IBM WebSphere...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for January 2026
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 IF001 Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5...
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-29371, CVE-2025-14923)
Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-29371, CVE-2025-14923. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2026-1272, CVE-2020-16971, CVE-2026-1274)
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-1272 DESCRIPTION: IBM Guardium Data Protection is vulnerable to Security Misconfiguration vulnerability in the user access control panel. CWE:CWE-613: Insufficient Session...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2026-4917, CVE-2026-4918, CVE-2026-4919)
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-4917 DESCRIPTION: IBM Guardium Data Protection could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL reque...
Security Bulletin: IBM Guardium Data Protection is affected by a spring-security-config-5.8.14.jar vulnerability (CVE-2024-38827)
Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working...
Security Bulletin: IBM Guardium Data Protection is affected by an IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU vulnerability (CVE-2025-53066, CVE-2025-53057)
Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js. CVE-2026-32141, CVE-2026-0540, CVE-2026-2327, CVE-2026-27903, CVE-2026-27904. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-3214...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of AsyncHttpClient
Summary Due to use of AsyncHttpClient, DevOps Test Performance and Rational Performance Tester contain a potential vulnerability where Authorization/Proxy-Authorization headers are improperly leaked. Vulnerability Details CVEID:CVE-2026-40490 DESCRIPTION: The AsyncHttpClient AHC library allows Ja...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-27601)
Summary IBM Security SOAR uses an older version of the Underscore.js component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.2 Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION:...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-15599)
Summary IBM Security SOAR uses an older version of the DOMPurify component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.2 Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION:...
Security Bulletin: Multiple security vulnerabilities found in IBM CICS TX Standard.
Summary Multiple security vulnerabilities found in IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address multiple vulnerabilities in brotli, gnutls, libssh, openssl, curl, binutils, gnupg2, glib2 packages. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue...
Security Bulletin: Multiple security vulnerabilities found in TXSeries for Multiplatforms.
Summary Multiple security vulnerabilities found in TXSeries for Multiplatforms. An update to TXSeries for Multiplatforms has been released to address multiple vulnerabilities in perl, gnupg2, binutils, curl, openssl, glib2 packages. Vulnerability Details CVEID:CVE-2025-68973 DESCRIPTION: In GnuPG...
Security Bulletin: Rational Test Automation Server is vulnerable to request smuggling using CRLF injection due to netty-codec-http (CVE-2025-67735)
Summary Due to use of netty-codec-http, Rational Test Automation Server and IBM DevOps Test Hub contain a CRLF injection based request smuggling vulnerability CVE-2025-67735. The netty-codec-http java library is used for asynchronous HTTP handling capabilities. Vulnerability Details...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-21883, CVE-2025-21919, CVE-2025-22104, CVE-2025-23150, CVE-2025-37738 Vulnerability Details CVEID:CVE-2025-21883 DESCRIPTION: In the Linux kernel, the following...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-21961, CVE-2025-21963, CVE-2025-21969, CVE-2025-21979, CVE-2025-21999, CVE-2025-22126, CVE-2025-37750 Vulnerability Details CVEID:CVE-2025-21961 DESCRIPTION: In the Linux...
Security Bulletin: Vulnerabilities in libsoup affects IBM Netezza Appliance
Summary The libsoup package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-4945, CVE-2025-11021 Vulnerability Details CVEID:CVE-2025-4945 DESCRIPTION: A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME...