34922 matches found
Security Bulletin: Vulnerabilities in libsoup affects IBM Netezza Appliance
Summary The libsoup package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEsCVE-2025-4945, CVE-2025-11021 Vulnerability Details CVEID:CVE-2025-4945 DESCRIPTION: A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME...
Security Bulletin: Vulnerability in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-38550 Vulnerability Details CVEID:CVE-2025-38550 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc-idev in...
Security Bulletin: Vulnerability in FreeIPA affects IBM Netezza Appliance
Summary The FreeIPA package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-7493 Vulnerability Details CVEID:CVE-2025-7493 DESCRIPTION: A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-38079, CVE-2025-38292 Vulnerability Details CVEID:CVE-2025-38079 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: crypto: algifhash - fix...
Security Bulletin: Vulnerability in SQLite affects IBM Netezza Appliance
Summary The SQLite package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-6965 Vulnerability Details CVEID:CVE-2025-6965 DESCRIPTION: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed t...
Security Bulletin: Vulnerability in poppler affects IBM Netezza Appliance
Summary The poppler package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVECVE-2025-32365 Vulnerability Details CVEID:CVE-2025-32365 DESCRIPTION: Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2022-48830, CVE-2022-49024, CVE-2024-36350, CVE-2024-36357, CVE-2024-46689, CVE-2024-46744, CVE-2024-47679, CVE-2024-47727, CVE-2024-49864, CVE-2024-50060, CVE-2024-50195,...
Security Bulletin: Vulnerability in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-12084 Vulnerability Details CVEID:CVE-2025-12084 DESCRIPTION: When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2023-53331, CVE-2025-39718, CVE-2025-39730, CVE-2025-39819 Vulnerability Details CVEID:CVE-2023-53331 DESCRIPTION: In the Linux kernel, the following vulnerability has been...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2022-3424, CVE-2025-21764 Vulnerability Details CVEID:CVE-2022-3424 DESCRIPTION: A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first...
Security Bulletin: Vulnerabilities in kernel affects IBM Netezza Appliance
Summary The kernel package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2023-52355, CVE-2023-52356 Vulnerability Details CVEID:CVE-2023-52355 DESCRIPTION: An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff...
Security Bulletin: Vulnerabilities in libpng affects IBM Netezza Appliance
Summary The libpng package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEsCVE-2025-64720, CVE-2025-65018, CVE-2025-66293 Vulnerability Details CVEID:CVE-2025-64720 DESCRIPTION: LIBPNG is a reference library for use in applications that read, create, and...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp library
Summary Due to use of the path-to-regexp library, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple wildcards, combined with at...
Security Bulletin: Vulnerability in setuptools affects IBM Netezza Appliance
Summary The setuptools package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-47273 Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python...
Security Bulletin: Due to use angular-1.8.2.min.js , IBM webMethods Integration Server is affected by multiple vulnerabilities.
Summary Multiple vulnerabilities were addressed in IBM webMethods Integration Server by upgrading the version of the Angular framework. Vulnerability Details CVEID:CVE-2025-0716 DESCRIPTION: Improper sanitization of the value of the 'href' and 'xlink:href' attributes in 'image' SVG elements in...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules.
Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to multiple node modules. Vulnerability Details CVEID:CVE-2026-33036 DESCRIPTION:...
Security Bulletin: A Security Vulnerability Has Been Identified In WebSphere Liberty shipped with IBM Copy Services manager (CVE-2025-7962)
Summary WebSphere Application Server Liberty is shipped with IBM Copy Services Manager. Information about a security vulnerability affecting WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp package
Summary Due to use of the path-to-regexp package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you...
Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)
Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application CVE-2026-1002 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler...
Security Bulletin: Due to use of Google Protocol Buffers, IBM Operations Analytics – Log Analysis is affected by denial of service.
Summary Google Protocol Buffers in Apache Solr is used by IBM Operations Analytics – Log Analysis as part of the data serialization and communication between services. CVE-2021-22570. Vulnerability Details CVEID:CVE-2021-22570 DESCRIPTION: Nullptr dereference when a null char is present in a prot...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a specific "Gadget" attack chain and proxy bypass and SSRF vulnerabilities due to Node js module axios (CVE-2025-62718 & CVE-2026-40175)
Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to a specific "Gadget" attack chain and proxy bypass and SSRF vulnerabilities due to Node js module axios. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios ...
Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-29371).
Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2024-29371. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before...
Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard.
Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2024-29371. IBM WebSphere Liberty has been updated within IBM CICS TX Standard to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before...
Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371).
Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2024-29371. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF19 patch. Vulnerability Details CVEID:CVE-2022-39135 DESCRIPTION: Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML Extern...
Security Bulletin: IBM Storage Protect Operations Center is affected by vulnerabilities in the dojo-profile library that could allow prototype pollution or improper handling of crafted PNG inputs (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273).
Summary IBM Storage Protect Operations Center uses the dojo-profile library in certain components. Vulnerabilities in this library may allow prototype pollution or improper handling of specially crafted PNG files, which could lead to memory corruption or denial-of-service conditions in applicatio...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in commons-io library
Summary Vulnerabilities have been identified in commons-io library, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache-Velocity library
Summary Vulnerabilities have been identified in Apache-Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java cod...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Eclipse IDE versions
Summary Vulnerabilities have been identified in Eclipse IDE versions before 2023-09 4.29, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE versions 2023-09 4.29 some files with xml content are...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache PDFBox
Summary Vulnerabilities have been identified in Apache PDFBox, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2021-27807 DESCRIPTION: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of Resources in net/textproto [CVE-2025-61724]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of Resources in net/textproto, due to an issue in the Reader.ReadResponse function which can cause excessive CPU consumption CVE-2025-61724. Net/textproto is used in our speech utilities. This vulnerabilitiy has bee...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Improper Input Validation due to Apache Tomcat ( CVE-2026-24734 )
Summary IBM Integration Bus for z/OS is vulnerable to Improper Input Validation due to Apache Tomcat. Vulnerability Details CVEID:CVE-2026-24734 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FF...
Security Bulletin: Denial of service, security controls bypass, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to denial of service, security controls bypass, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-69277 DESCRIPTION: libsodium before ad3004e, in atypical use cases involving certain custom...
Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...
Security Bulletin: DevOps Test Performance contains a vulnerability due to use of Spring Boot
Summary Due to use of Spring Boot, DevOps Test Performance and Rational Performance Tester contain a potential authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass"...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Framework MVC and WebFlux
Summary Due to use of Spring Framework MVC and WebFlux, DevOps Test Performance and Rational Performance Tester contain a potential stream corruption vulnerability. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to stream corruption when...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jackson-core library
Summary Due to use of the jackson-core library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use Apache CXF
Summary Due to use of Apache CXF, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server
Summary Due to use of the Undertow web server, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-9784 DESCRIPTION: A flaw was found in Undertow where malformed client requests can trigger server-si...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Apache Commons Lang
Summary Due to use of Apache Commons Lang, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apach...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in Node.js
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in Node.js and LangChain. CVE-2026-2359, CVE-2026-3304, CVE-2026-3520, CVE-2026-29063, CVE-2026-24001, CVE-2025-69873, CVE-2026-31808. The vulnerabilities have been addressed. Vulnerability Detail...
Security Bulletin: ELM on Hybrid Cloud vulnerabilities addressed in 2.0.0
Summary This release addresses security vulnerabilities in application and operator images of ELM on Hybrid cloud offering. Identified vulnerabilities identified below relate to the underlying OS packages and language dependencies which impacts the product within the deployed environment. One of...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Arbitrary Code Injection due to Node js module jsonpath (CVE-2026-1615)
Summary IBM App Connect Enterprise runtime is vulnerable to Arbitrary Code Injection due to Node js module jsonpath. Vulnerability Details CVEID:CVE-2026-1615 DESCRIPTION: Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-suppli...
Security Bulletin: The IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)
Summary WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 with the restConnector-1.0 or restConnector-2.0 feature enabled is affected by a remote code execution vulnerability. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM Engineering Test Management are affected by cross-site scripting (CVE-2025-12635)
Summary IBM WebSphere Application Server is affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. Following IBM® Engineering Lifecycle Management...
Security Bulletin: IBM Engineering Lifecycle Management products using IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting (CVE-2025-12635)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled, due to improper validation of user-supplied input. An attacker could...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)
Summary IBM WebSphere Application Server Liberty with versions ranging 17.0.0.3 - 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it ha...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty may be affected by a denial of service due to jose4j (CVE-2024-29371)
Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and WebSphere Application Server Liberty. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test...
Security Bulletin: Security vulnerability has been found in IBM Security Verify Directory (Container) used by IBM Security Verify Governance Identity Manager Adapters
Summary IBM Security Verify Governance Identity Manager Adapters uses IBM Security Verify Directory Container. Information about security vulnerability affecting IBM Security Verify Directory Container has been published in security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Configuration Manager IP Edition (ITNCM)
Summary Multiple vulnerabilities were addressed in ITNCM version 6.4.2 Fix Pack 24 6.4.2.24 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...