35608 matches found
Security Bulletin: Due to the use of c3p0, IBM webMethods BPM is vulnerable to attack via maliciously crafted Java-serialized objects (CVE-2026-27830)
Summary IBM webMethods BPM includes the standalone utility which includes the vulnerable component c3p0. The tool operates as a standalone utility and is not part of the main runtime environments. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is...
Security Bulletin: Multiple Vulnerabilities in IBM Bob
Summary Multiple vulnerabilities were addressed in IBM Bob V 1.0.2 Vulnerability Details CVEID:CVE-2026-39407 DESCRIPTION: Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static...
Security Bulletin: Multiple Vulnerabilities in IBM Tivoli Netcool/OMNIbus_GUI
Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool/OMNIbusGUI 8.1.0 Fix Pack 41. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible i...
Security Bulletin: Vulnerability affect underscore-umd-min, werkzeug-3.1.5, flask-3.1.1, cryptography, aircompressor, pyasn1, http, log4j, apache2-build, commons-configuration, bcpkix-jdk18on, server-MariaDB, Jline, IBM COS Systems (April 2026)
Summary Vulnerability with underscore-umd-min CVE-2026-27601, werkzeug-3.1.5 CVE-2026-27199, flask-3.1.1-py3-nCVE-2026-27205, cryptographyCVE-2026-26007, aircompressorCVE-2025-67721, pyasn1CVE-2026-23490, http, log4jCVE-2025-68161, apache2-buildCVE-2025-55753, commons-configurationCVE-2024-29131,...
Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-14917) affects IBM PowerVM Novalink.
Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14917 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could...
Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2026-1561) affects IBM PowerVM Novalink.
Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is...
Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-14915) affects IBM PowerVM Novalink.
Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14915 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is...
Security Bulletin: Vulnerability in IBM WebSphere Application ( CVE-2025-14923) affects IBM PowerVM Novalink.
Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could...
Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - NRS.
Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - NRS addressed in 3.0.5.1. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL...
Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (April 2026)
Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...
Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - NPS.
Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - NPS addressed in 11.3.0.2-IF1 Vulnerability Details CVEID:CVE-2016-10735 DESCRIPTION: In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability...
Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2022-3219 DESCRIPTION: GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached,...
Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2025-36220 DESCRIPTION: IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which coul...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.318 Vulnerability Details CVEID:CVE-2020-25576 DESCRIPTION: An issue was discovered in the randcore crate before 0.4.2 for Rust. Casting of byte slices to integer slice...
Security Bulletin: IBM Maximo Scheduler Optimizer uses axios-1.13.5.tgz which is vulnerable to CVE-2026-40175
Summary IBM Maximo Scheduler Optimizer uses axios-1.13.5.tgz which is vulnerable to CVE-2026-40175. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
Security Bulletin: A runtime-7.23.5.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in runtime-7.23.5.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using...
Security Bulletin: A nimbus-jose-jwt-9.37.3.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in nimbus-jose-jwt-9.37.3.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before...
Security Bulletin: A json-path-2.6.0.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in json-path-2.6.0.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path v2.8.0 was discovered to contain a stack overflow via the...
Security Bulletin: A commons-lang3-3.12.0.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in commons-lang3-3.12.0.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issu...
Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affects IBM Rational Functional Tester / DevOps Test UI
Summary There are vulnerabilities in Eclipse Jetty used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote...
Security Bulletin: A logback-core-1.5.18.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in logback-core-1.5.18.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.C...
Security Bulletin: A logback-core-1.5.18.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in logback-core-1.5.18.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-cor...
Security Bulletin: A react-router-6.25.1.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in react-router-6.25.1.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-68470 DESCRIPTION: React Router is a router for React. In versions 6.0.0 through 6.30.1 an...
Security Bulletin: A netty-codec-http-4.1.118.Final.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in netty-codec-http-4.1.118.Final.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application...
Security Bulletin: A js-yaml-4.1.0.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in js-yaml-4.1.0.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and...
Security Bulletin: A vite-7.1.5.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in vite-7.1.5.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-62522 DESCRIPTION: Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF03 Vulnerability Details CVEID:CVE-2026-28417 DESCRIPTION: Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw...
Security Bulletin: TDI is vulnerable to do not reject out of range writes due to uuid-11.1.0 - CVE-2026-41907
Summary portal-tdi, portal-tdl and portal gcm uses carbon data table and this library requires uuid 11.1.0 the same library have this CVE-2026-41907 Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6...
Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.4.18 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...
Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.2.26 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...
Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring
Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7.38 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...
Security Bulletin: IBM Cognos Analytics Mobile is affected by multiple security vulnerabilties
Summary IBM Cognos Analytics Mobile is affected by multiple security vulnerabilities. These have been addressed in IBM Cognos Analytics Mobile 1.1.26. Vulnerability Details CVEID:CVE-2026-26278 DESCRIPTION: fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS...
Security Bulletin: Multiple vulnerabilities in Aspera applications.
Summary Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Endpoint 4.4.7 Fix Pack 2 and IBM Aspera High-Speed Transfer Server 4.4.7 Fix Pack 2 Vulnerability Details CVEID:CVE-2026-7876 DESCRIPTION: IBM Aspera High-Speed Transfer Server and IBM Aspera High-Speed Transfer...
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to take over Java SE
Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2025-50106 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with netwo...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK
Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus for z/OS . Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access vi...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j ( CVE-2026-34477, CVE-2026-34478, CVE-2026-34479 & CVE-2026-34480 )
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addresse...
Security Bulletin: The Analyst Workflow App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows...
Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the cryptography package (CVE-2026-39892)
Summary The cryptography package is used by the z/TPF system as part of runtime metrics collection RTMC. Vulnerability Details CVEID:CVE-2026-39892 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in jsPDF (CVE-2026-24040, CVE-2026-24043, CVE-2026-24133, CVE-2026-24737)
Summary Multiple vulnerabilities in the jsPDF library used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 4.0.0. Vulnerability Details CVEID:CVE-2026-24040 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime
Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
Security Bulletin: IBM webMethods Integration Sever is vulnerable to server-side request forgery (CVE-2025-14290)
Summary The "Administration Publishing Add subscriber" Admin UI page of IBM webMethods Integration Server is vulnerable to server-side request forgery. Vulnerability Details CVEID:CVE-2025-14290 DESCRIPTION: IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node modules axios, protobufjs, fast-xml-parser, follow-redirects, brace-expansion,...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to node module fast-xml-parser
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node module fast-xml-parser Vulnerability Details CVEID:CVE-2026-27942 DESCRIPTION:...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by vulnerabilities in urllib3 (CVE-2025-50181, CVE-2025-50182)
Summary Vulnerabilities in the urllib3 library CVE-2025-50181, CVE-2025-50182 used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 2.6.3. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Pytho...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in requests (CVE-2024-47081)
Summary A vulnerability in the requests library CVE-2024-47081 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 2.32.5. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032]
Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Patch 2 Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any...
Security Bulletin: IBM i is Affected by an Improper Validation Vulnerability in zlib [CVE-2026-27171]
Summary Zlib for IBM i is vulnerable to increased CPU consumption when using functions crc32combine64 and crc32combine64gen64 CVE-2026-27171 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via...