Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 12:27 p.m.10 views

Security Bulletin: There is a vulnerability in uuid-9.0.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41988)

Summary There is a vulnerability in uuid-9.0.1.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6...

3.2CVSS5.8AI score0.00138EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 12:27 p.m.10 views

Security Bulletin: There is a vulnerability in postcss-8.4.38.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41305)

Summary There is a vulnerability in postcss-8.4.38.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an...

6.1CVSS5.8AI score0.00205EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 12:17 p.m.25 views

Security Bulletin: There is a vulnerability in dompurify-3.2.6.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41238)

Summary There is a vulnerability in dompurify-3.2.6.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are...

6.9CVSS5.8AI score0.00263EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 11:47 a.m.14 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pygments-2.19.2-py3-none-any.whl which is vulnerable to CVE-2026-4539

Summary IBM Maximo Application Suite - Visual Inspection component uses pygments-2.19.2-py3-none-any.whl which is vulnerable to CVE-2026-4539 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-4539 DESCRIPTION: A security fla...

4.8CVSS5.4AI score0.00156EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 11:47 a.m.15 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907

Summary IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before...

9.3CVSS5.8AI score0.00337EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 10:47 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895

Summary IBM Maximo Application Suite - Visual Inspection component uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects ...

7.5CVSS5.8AI score0.00486EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 10:46 a.m.16 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for May 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF005. These vulnerabilities have been also adressed in 24.0.0-IF007, 24.0.1-IF007 and 25.0.1-IF001. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a...

7.6CVSS6.9AI score0.01525EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 9:47 a.m.16 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in xmldom

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in xmldom. CVE-2026-34601 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-34601 DESCRIPTION: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...

7.5CVSS5.7AI score0.00472EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 9:28 a.m.12 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.24 and 13.2.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

9.8CVSS6.2AI score0.00882EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 9:22 a.m.16 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to multiple CVEs

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to multiple CVEs. This bulletin provides patch information to address the vulnerabilities Vulnerability Details CVEID:CVE-2026-6322 DESCRIPTION: fast-ur...

7.5CVSS6.4AI score0.00521EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 8:35 a.m.9 views

Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.

Summary Maximo AI Service uses fast-xml-parser-5.3.6.tgz, mlflow-3.9.0rc0-py3-none-any.whl, bcpkix-jdk18on-1.79.jar, pythonmultipart-0.0.24-py3-none-any.whl, bcprov-jdk18on-1.79.jar, spring-security-core-6.5.9.jar, spring-boot-autoconfigure-3.5.13.jar, spring-web-6.2.17.jar,...

9.8CVSS5.9AI score0.00527EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 8:30 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750

Summary IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-1.1.12.tgz, brace-expansion-5.0.4.tgz which is vulnerable to CVE-2026-33750, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-33750...

7.5CVSS5.9AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 8:15 a.m.14 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907

Summary IBM Maximo Application Suite - Visual Inspection component uses uuid-9.0.1.tgz which is vulnerable to CVE-2026-41988, CVE-2026-41907 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before...

9.3CVSS5.8AI score0.00337EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 8:14 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.3.2.tgz which is vulnerable to CVE-2026-41238, CVE-2026-41239, CVE-2026-41240

Summary IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.3.2.tgz which is vulnerable to CVE-2026-41238, CVE-2026-41239, CVE-2026-41240 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41238...

6.9CVSS5.8AI score0.00263EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 8:8 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses postcss-8.4.49.tgz which is vulnerable to CVE-2026-41305

Summary IBM Maximo Application Suite - Visual Inspection component uses postcss-8.4.49.tgz which is vulnerable to CVE-2026-41305, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file an...

6.1CVSS5.8AI score0.00205EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 7:56 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses lxml-6.0.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-41066

Summary IBM Maximo Application Suite - Visual Inspection component uses lxml-6.0.0-cp311-cp311-manylinux227x8664.manylinux228x8664.whl which is vulnerable to CVE-2026-41066, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

7.5CVSS5.8AI score0.00324EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 7:54 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.15.0.tgz which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - Visual Inspection component uses axios-1.15.0.tgz which is vulnerable to multiple CVEs CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042,...

10CVSS5.9AI score0.00838EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 7:32 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl, cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl, cryptography-46.0.6-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892. This bulletin contains information addressing the...

9.8CVSS5.9AI score0.00652EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 6:42 a.m.12 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by multiple vulnerabilities when using Web Server Plug-ins CVE-2026-8633, CVE-2026-8620 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

9.8CVSS5.8AI score0.00847EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 6:11 a.m.13 views

Security Bulletin:Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP

Summary Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads...

6.9CVSS5.8AI score0.00644EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 4:49 p.m.17 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in brace-expansion (CVE-2026-33750)

Summary A vulnerability in the brace-expansion string and pattern utility library CVE-2026-33750 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 5.0.5. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generate...

7.5CVSS5.8AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 4:48 p.m.14 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in follow-redirects (CVE-2026-40895)

Summary A vulnerability in the follow-redirects drop-in HTTP/HTTPS wrapper library CVE-2026-40895 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 1.16.0. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source...

7.5CVSS5.7AI score0.00486EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 4:48 p.m.18 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in lxml (CVE-2026-41066)

Summary A vulnerability in the lxml XML processing library CVE-2026-41066 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 6.1.0. Vulnerability Details CVEID:CVE-2026-41066 DESCRIPTION: lxml is a library for processing XML and HTML in the Python...

7.5CVSS5.7AI score0.00324EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 4:47 p.m.15 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in mako (CVE-2026-41205)

Summary A vulnerability in the Mako Templates library CVE-2026-41205 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 1.3.11. Vulnerability Details CVEID:CVE-2026-41205 DESCRIPTION: Mako is a template library written in Python. Prior to 1.3.11,...

8.7CVSS5.7AI score0.00361EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 4:46 p.m.17 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in uuid (CVE-2026-41907)

Summary A vulnerability in the uuid generation utility library CVE-2026-41907 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the component to version 9.0.1. Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122...

9.3CVSS5.7AI score0.00337EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 1:40 p.m.16 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in minimatch (CVE-2026-26996, CVE-2026-27903, CVE-2026-27904)

Summary Multiple vulnerabilities in the minimatch matching utility CVE-2026-26996, CVE-2026-27903, CVE-2026-27904 used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the component to version 5.1.8. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a...

8.7CVSS5.7AI score0.00519EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 1:40 p.m.13 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in jsPDF (CVE-2026-25535, CVE-2026-25755, CVE-2026-25940)

Summary Multiple vulnerabilities in the jsPDF library used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 4.2.1. Vulnerability Details CVEID:CVE-2026-25535 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control ...

9.6CVSS6AI score0.00817EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 1:37 p.m.13 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in minimatch (CVE-2026-26996)

Summary A Regular Expression Denial of Service ReDoS vulnerability in the minimatch pattern matching library CVE-2026-26996 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 5.1.8. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch i...

8.7CVSS5.7AI score0.00519EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/31 1:36 p.m.11 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in qs (CVE-2025-15284, CVE-2026-2391)

Summary Multiple vulnerabilities in the qs query string parsing library used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 6.14.2. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules...

7.5CVSS5.8AI score0.00478EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/30 8:59 a.m.14 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in axios (CVE-2026-25639)

Summary A Denial of Service vulnerability in the axios library CVE-2026-25639 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 1.15.0. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

7.5CVSS6.9AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/30 8:59 a.m.17 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in pytest (CVE-2025-71176)

Summary A temporary directory security vulnerability in the pytest component CVE-2025-71176 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 9.0.3. Vulnerability Details CVEID:CVE-2025-71176 DESCRIPTION: pytest through 9.0.2 on UNIX relies on directories with...

6.8CVSS5.8AI score0.0014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/30 8:58 a.m.17 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Lodash and Lodash-es (CVE-2025-13465)

Summary A prototype pollution vulnerability in the Lodash and Lodash-es libraries CVE-2025-13465 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 4.18.0. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...

8.2CVSS6.6AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/30 8:58 a.m.12 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Next.js (CVE-2025-48068)

Summary A vulnerability involving cross-site WebSocket hijacking in the Next.js framework CVE-2025-48068 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 15.5.15. Vulnerability Details CVEID:CVE-2025-48068 DESCRIPTION: Next.js is a React framework for buildin...

4.3CVSS5.8AI score0.00166EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/30 8:51 a.m.15 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Next.js (CVE-2025-57752 and CVE-2025-55173)

Summary The vulnerabilities CVE-2025-57752 Cache Key Confusion / Cache Deception and CVE-2025-55173 Content Injection / Arbitrary File Delivery in the Next.js framework have been completely resolved by upgrading the dependency from version 14.2.26 to 15.5.15. Vulnerability Details...

6.2CVSS6AI score0.00509EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 9:57 p.m.11 views

Security Bulletin: Multiple Vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple Vulnerabilities Addressed in IBM Aspera Enterprise WebApps Version 1.0.3 Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any...

7.5CVSS6AI score0.00838EPSS
Exploits8Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 9:48 p.m.12 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268 and CVE-2026-22007 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION:...

7.5CVSS7.2AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 8:6 p.m.11 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Server Post-Auth Remote Code Execution

Summary Server Post-Auth Remote Code Execution RCE vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2026-4051 DESCRIPTION: IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with...

7.2CVSS6.2AI score0.00369EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 8:4 p.m.16 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass

Summary Authentication bypass vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2026-3660 DESCRIPTION: IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update...

9.8CVSS5.8AI score0.0058EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 8:2 p.m.20 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to XML external entity injection (XXE) attack

Summary XML external entity injection XXE vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2026-3603 DESCRIPTION: IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001...

7.1CVSS5.7AI score0.00354EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 6:8 p.m.19 views

Security Bulletin: Multiple Vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple Vulnerabilities Addressed in IBM Aspera Enterprise WebApps Version 1.0.3 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization wh...

9.9CVSS6.9AI score0.01815EPSS
Exploits10Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 5:43 p.m.12 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service (DoS) due to Apache Commons FileUpload

Summary Apache Commons FileUpload in WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of the parse and process HTTP requests for handling file uploads. CVE-2023-24998. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload...

7.5CVSS5.8AI score0.46836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 4:59 p.m.10 views

Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager

Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.4 Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency...

7.5CVSS5.9AI score0.00838EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 4:45 p.m.18 views

Security Bulletin: Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2026-8633 and CVE-2026-8620)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a remote code execution and HTTP request smuggling vulnerability affecting WebSphere Application Server Web Server Plug-ins have been published in a security bulletin...

9.8CVSS6.5AI score0.00847EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 4:43 p.m.12 views

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes May 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and...

9.8CVSS7.3AI score0.87218EPSS
Exploits12Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 2:41 p.m.16 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is impacted by Improper Input Validation vulnerability due to jetty-http.

Summary jetty-http is used by IBM Sterling Connect:Direct for UNIX in product configuration. IBM Sterling Connect:Direct for UNIX is impacted by Improper Input Validation vulnerability in jetty-http, CVE-2025-11143. IBM Sterling Connect:Direct for UNIX has upgraded jetty-http to address the issue...

6.5CVSS6.6AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 12:58 p.m.10 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-40175)

Summary IBM Security SOAR uses an older version of the Axios component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.0 Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios i...

9CVSS5.9AI score0.01815EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 12:15 p.m.22 views

Security Bulletin: Multiple Vulnerabilities in Apache Log4j Core shipped in Tivoli Netcool/OMNIbus

Summary The Netcool/Omnibus 'Administrator GUI' and 'Accelerated Event Notification GUI' desktop components use a version of Apache Log4j that contains known vulnerabilities. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in...

7.5CVSS6.5AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 10:57 a.m.22 views

Security Bulletin: IBM Operational Decision Manager for April 2026 - Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Operational Decision Manager Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS conditio...

9.8CVSS7.1AI score0.01177EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 10:36 a.m.11 views

Security Bulletin: IBM Edge Data Collector uses uuid-8.3.2.tgz, uuid-9.0.1.tgz which is vulnerable to CVE-2026-41907

Summary IBM Edge Data Collector Component uses uuid-8.3.2.tgz, uuid-9.0.1.tgz which is vulnerable to CVE-2026-41907. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs...

9.3CVSS5.8AI score0.00337EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 10:35 a.m.12 views

Security Bulletin: IBM Edge Data Collector uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264

Summary IBM Edge Data Collector Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-42264 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. From...

9.1CVSS5.7AI score0.00549EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608