35747 matches found
Security Bulletin: Vulnerability in bytes bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage bundle the bytes library, which is affected by an integer overflow vulnerability in the BytesMut::reserve implementation. Under specific conditions in the unique reclaim path, an unchecked integer addition can overflow in...
Security Bulletin: Vulnerability in undici bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage bundle the undici library, which is affected by a denial of service vulnerability in its HTTP response decompression handling. The vulnerable implementation does not impose a limit on the number of links in the decompression...
Security Bulletin: Vulnerability in follow-redirects bundled with IBM Fusion and IBM Fusion HCI
Summary IBM Fusion and IBM Fusion HCI include the follow-redirects library, which is vulnerable to the exposure of sensitive information to an unauthorized actor. When processing cross-domain HTTP redirects such as status codes 301, 302, 307, or 308, the library only strips standard authenticatio...
Security Bulletin: Multiple vulnerabbilities exists in the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Configuration Manager.
Summary IBM Tivoli Network Configuration Manager is affected by multiple security vulnerabilities in IBM SDK, Java Technology Edition. This bulletin addresses the IBM SDK, Java Technology Edition Quarterly Critical Patch Update CPU for April 2026, which includes Oracle's April 2026 Critical Patch...
Security Bulletin: IBM Storage Scale System: Vulnerability in Linux kernel crypto subsystem could allow local privilege escalation (CVE-2026-31431)
Summary IBM Storage Scale Systems is affected by a security vulnerability identified in the Linux kernel's cryptographic interface CVE-2026-31431 that could allow a local user with low privileges to escalate to root privileges. The vulnerability has a CVSS score of 7.8 High and requires local...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when running non fenced federated queries (CVE-2026-10695)
Summary IBM® Db2® is vulnerable to a denial of service when running non fenced federated queries. Vulnerability Details CVEID:CVE-2026-10695 DESCRIPTION: IBM Db2 federated server is vulnerable to a denial of service when running non fenced federated queries. CWE:CWE-400: Uncontrolled Resource...
Security Bulletin: IBM® Db2® is affected by a vulnerability in log4j-core (CVE-2026-34479)
Summary IBM® Db2® is affected by a vulnerability in log4j-core. Vulnerability Details CVEID:CVE-2026-34479 DESCRIPTION: The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parser...
Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.130.Final.jar (CVE-2026-41417)
Summary IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.130.Final.jar Vulnerability Details CVEID:CVE-2026-41417 DESCRIPTION: Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via...
Security Bulletin: IBM® Db2® is vulnerable to buffer overflow in setgid helper db2flacc (CVE-2026-10535)
Summary IBM® Db2® is vulnerable to uffer overflow in setgid helper db2flacc. Vulnerability Details CVEID:CVE-2026-10535 DESCRIPTION: IBM Db2 is vulnerable to buffer overflow in setgid helper db2flacc. CWE:CWE-121: Stack-based Buffer Overflow CVSS Source: IBM CVSS Base score: 8.4 CVSS...
Security Bulletin: Multiple vulnerabilities in IBM Semeru affects IBM® Db2® (April 2026 CPU)
Summary There are vulnerabilities in IBM Runtime Environment Java™ Version 8.0.8.60 and earlier, and IBM Semeru Version 21.0.10.0 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in April 2026 Vulnerability Details CVEID:CVE-2026-22021 DESCRIPTION:...
Security Bulletin: IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control (CVE-2026-9762)
Summary IBM® Db2® is vulnerable to remote code execution when jdbc url is under user control. Vulnerability Details CVEID:CVE-2026-9762 DESCRIPTION: IBM Data Server Driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control. CWE:CWE-94: Improper Control of...
Security Bulletin: IBM® Db2® is vulnerable to a trap when compiling specially crafted statements containing subqueries could lead to a denial of service (CVE-2026-7771)
Summary IBM® Db2® is vulnerable to a trap when compiling specially crafted statements containing subqueries could lead to a denial of service. Vulnerability Details CVEID:CVE-2026-7771 DESCRIPTION: DB2 for Linux is vulnerable to a trap when compiling a specially crafted statements containing...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Buinsess Automation Workflow (CVE-2026-8408)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Vulnerability in IBM Data Product Hub
Summary A vulnerability was addressed in IBM Data Product Hub version 5.4.0 Patch 2 Vulnerability Details CVEID:CVE-2026-9358 DESCRIPTION: A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the...
Security Bulletin: Security vulnerability in IBM Storage Protect Client leads to unauthorized access to IBM Storage Protect Snapshot for Windows Standalone Configuration
Summary Security vulnerability in IBM Storage Protect Client leads to unauthorized access to IBM Storage Protect Snapshot for Windows Standalone Configuration. CVE-2026-12628 Vulnerability Details CVEID:CVE-2026-12628 DESCRIPTION: IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage...
Security Bulletin: Vulnerability in IBM Operator for PostgreSQL
Summary A vulnerability was addressed in IBM Operator for PostgreSQL version v28.4.0. Vulnerability Details CVEID:CVE-2026-25680 DESCRIPTION: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CWE:CWE-400: Uncontrolled Resource Consumption CVSS Source:...
Security Bulletin: IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow (CVE-2026-13473)
Summary IBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow due to unchecked string copy operations in IBM Storage Protect Snapshot for Windows Standalone Configuration. Vulnerability Details CVEID:CVE-2026-13473 DESCRIPTION: IBM Storage Protect is vulnerable to a heap-based...
Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty
Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v...
Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty
Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-40181 DESCRIPTION: React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3,...
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition
Summary Multiple vulnerabilities were addressed in IBM Tivoli Network Manager IP Edition 4.2.0.24 IF2 Vulnerability Details CVEID:CVE-2026-8368 DESCRIPTION: LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response...
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView
Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...
Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to pyOpenSSL
Summary pyOpenSSL is used by IBM Cloud Pak for Data System 1.0 as a Python wrapper around the OpenSSL library for TLS/SSL functionality. Multiple vulnerabilities affect pyOpenSSL. CVE-2026-27448 involves improper handling of unhandled exceptions in the settlsextservernamecallback callback, which...
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty (CVE-2026-50010,CVE-2026-50020,CVE-2026-45416 & CVE-2026-44249)
Summary IBM App Connect for Manufacturing is vulnerable to multiple vulnerabilities due to Netty. Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...
Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.4.20 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...
Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.3.22 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...
Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.2.28 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...
Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7.40 Vulnerability Details CVEID:CVE-2026-41003 DESCRIPTION: An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...
Security Bulletin: Multiple Vulnerabilities in Axios bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include the Axios library, which is susceptible to proxy bypass, SSRF, prototype pollution, bypasses application-level authentication, denial of service, vulnerabilities CVE-2026-39865,...
Security Bulletin: Vulnerability in node-tar bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the node-tar library, which is susceptible to a Path Traversal vulnerability during archive extraction. When default configurations are used, an attacker-controlled archive can create a hardlink inside the extraction...
Security Bulletin: Multiple Vulnerabilities in Minimatch bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the minimatch library, which is susceptible to multiple Denial of Service DoS vulnerabilities due to algorithmic inefficiencies and catastrophic regular expression backtracking. A remote attacker could exploit these...
Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-64720 DESCRIPTION: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster...
Security Bulletin: Multiple vulnerabilities in IBM Software Support App
Summary Multiple vulnerabilities were addressed in IBM Software Support App Version 4.1.1 Vulnerability Details CVEID:CVE-2026-53550 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml...
Security Bulletin: Broken Access Control Vulnerabilities in Langflow 1.0.0 - 1.8.4 File Handling API Allowed Unauthorized Access to User Files
Summary Two broken access control vulnerabilities in Langflow's file handling API allowed unauthorized access to user files. The first vulnerability CVE-TBD-1 in the GET /api/v1/files/images/flowid/filename endpoint lacked authentication requirements, allowing any unauthenticated attacker with...
Security Bulletin: Multiple vulnerabilities in IBM Rational Developer for i
Summary IBM Rational Developer for i is affected by a prototype pollution vulnerability in Axios CVE-2026-42033, an allocation without limits vulnerability in Axios CVE-2026-42034, an improper neutralization vulnerability in Axios CVE-2026-42035, an allocation without limits vulnerability in Axio...
Security Bulletin: Due to use of Golang Go, multiple vulnerabilities affect IBM Cloud Pak System
Summary Due to use of Golang Go multiple vulnerabilities affect IBM Cloud Pak System. IBM Cloud Pak System has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2026-39827 DESCRIPTION: An authenticated SSH client that repeatedly opened channels which were rejected by the server...
Security Bulletin: IBM z/TPF Development is affected by multiple vulnerabilities
Summary Multiple vulnerabilities were identified in the open-source package axios version 1.15.2, which provides the HTTPS/HTTP client used by the IBM z/TPF Development extension. Fixes for these vulnerabilities were made available in axios version 1.17.0. Additionally, a vulnerability was...
Security Bulletin: Vulnerability in Axios affect IBM Cloud Pak System
Summary Due to the use of Axios, vulnerability was addressed in IBM Cloud Pak System version 2.3.5.1 Vulnerability Details CVEID:CVE-2026-44495 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollutio...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to Eclipse Parsson (CVE-2026-9563)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service with the jsonp-2.1 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to Eclipse Parsson (CVE-2026-9563)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service with the jsonp-2.1 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versio...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to Eclipse Parsson (CVE-2026-9563)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service with the jsonp-2.1 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site request forgery vulnerability (CVE-2026-8408)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site request forgery vulnerability when using the Administrative Console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site request forgery vulnerability (CVE-2026-8408)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site request forgery vulnerability when using the Administrative Console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site request forgery vulnerability (CVE-2026-8408)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site request forgery vulnerability when using the Administrative Console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-1933 DESCRIPTION: A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks,...
Security Bulletin: IBM Planning Analytics Local is affected by security vulnerabilities
Summary The Planning Analytics Workspace component of IBM Planning Analytics is affected by security vulnerabilities. These vulnerabilities have been addressed in IBM Planning Analytics Local v2.0 - IBM Planning Analytics Workspace version 2.1.22. Vulnerability Details CVEID:CVE-2025-68161...
Security Bulletin: IBM i is Affected by Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime [CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007]
Summary IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to partial denial-of-service DoS CVE-2026-22021, CVE-2026-22018 and unauthorized access to data CVE-2026-22016, CVE-2026-22013,...
Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak System
Summary Multiple vulnerabilities affect IBM Cloud Pak System. These vulnerabilties have been addressed with IBM Cloud Pak System 2.3.5.1. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption c...
Security Bulletin: IBM Operational Decision Manager for May 2026 - Multiple CVEs addressed
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Operational Decision Manager Vulnerability Details CVEID:CVE-2026-40973 DESCRIPTION: A local attacker on the same host as the application may be able to take contr...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a cross-site request forgery vulnerability
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by a cross-site request forgery vulnerability CVE-2026-8408 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tomcat-embed-core-10.1.54.jar which is vulnerable to CVE-2026-41293, CVE-2026-43512, CVE-2026-43513 and CVE-2026-43515.
Summary IBM Maximo Application Suite - Monitor Component uses tomcat-embed-core-10.1.54.jar which is vulnerable to CVE-2026-41293, CVE-2026-43512, CVE-2026-43513 and CVE-2026-43515. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-41293...