Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 5:14 p.m.9 views

Security Bulletin: Due to the use of c3p0, IBM webMethods BPM is vulnerable to attack via maliciously crafted Java-serialized objects (CVE-2026-27830)

Summary IBM webMethods BPM includes the standalone utility which includes the vulnerable component c3p0. The tool operates as a standalone utility and is not part of the main runtime environments. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0, a JDBC Connection pooling library, is...

8.9CVSS6.1AI score0.00534EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 2:4 p.m.12 views

Security Bulletin: Multiple Vulnerabilities in IBM Bob

Summary Multiple vulnerabilities were addressed in IBM Bob V 1.0.2 Vulnerability Details CVEID:CVE-2026-39407 DESCRIPTION: Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static...

8.7CVSS6.3AI score0.00612EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 2:3 p.m.20 views

Security Bulletin: Multiple Vulnerabilities in IBM Tivoli Netcool/OMNIbus_GUI

Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool/OMNIbusGUI 8.1.0 Fix Pack 41. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible i...

9.8CVSS6.1AI score0.0644EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 1:44 p.m.19 views

Security Bulletin: Vulnerability affect underscore-umd-min, werkzeug-3.1.5, flask-3.1.1, cryptography, aircompressor, pyasn1, http, log4j, apache2-build, commons-configuration, bcpkix-jdk18on, server-MariaDB, Jline, IBM COS Systems (April 2026)

Summary Vulnerability with underscore-umd-min CVE-2026-27601, werkzeug-3.1.5 CVE-2026-27199, flask-3.1.1-py3-nCVE-2026-27205, cryptographyCVE-2026-26007, aircompressorCVE-2025-67721, pyasn1CVE-2026-23490, http, log4jCVE-2025-68161, apache2-buildCVE-2025-55753, commons-configurationCVE-2024-29131,...

8.2CVSS7AI score0.00784EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 7:34 a.m.15 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-14917) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14917 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could...

9.8CVSS5.8AI score0.00355EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 7:32 a.m.20 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2026-1561) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is...

5.4CVSS7.3AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 7:29 a.m.12 views

Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-14915) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14915 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is...

7.2CVSS5.8AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 7:27 a.m.17 views

Security Bulletin: Vulnerability in IBM WebSphere Application ( CVE-2025-14923) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could...

9.8CVSS5.8AI score0.00173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:47 a.m.17 views

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - NRS.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - NRS addressed in 3.0.5.1. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for URI/URL...

5.3CVSS6.7AI score0.00986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:46 a.m.13 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (April 2026)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:45 a.m.13 views

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...

6.5CVSS6.8AI score0.16212EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:42 a.m.15 views

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - NPS.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - NPS addressed in 11.3.0.2-IF1 Vulnerability Details CVEID:CVE-2016-10735 DESCRIPTION: In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability...

7.4CVSS6.5AI score0.0615EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:40 a.m.12 views

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2022-3219 DESCRIPTION: GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached,...

7.5CVSS5.4AI score0.00962EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:31 a.m.10 views

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2025-36220 DESCRIPTION: IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which coul...

9.8CVSS5.9AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 6:3 a.m.19 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.318 Vulnerability Details CVEID:CVE-2020-25576 DESCRIPTION: An issue was discovered in the randcore crate before 0.4.2 for Rust. Casting of byte slices to integer slice...

9.8CVSS7.2AI score0.01545EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 8:18 p.m.14 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses axios-1.13.5.tgz which is vulnerable to CVE-2026-40175

Summary IBM Maximo Scheduler Optimizer uses axios-1.13.5.tgz which is vulnerable to CVE-2026-40175. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

9CVSS7AI score0.01815EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 6:49 p.m.17 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

8.7CVSS6.9AI score0.00487EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 5:17 p.m.12 views

Security Bulletin: A runtime-7.23.5.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in runtime-7.23.5.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using...

6.2CVSS6.3AI score0.00478EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 5:13 p.m.13 views

Security Bulletin: A nimbus-jose-jwt-9.37.3.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in nimbus-jose-jwt-9.37.3.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before...

5.8CVSS6.8AI score0.00806EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 5:10 p.m.15 views

Security Bulletin: A json-path-2.6.0.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in json-path-2.6.0.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path v2.8.0 was discovered to contain a stack overflow via the...

5.3CVSS6.8AI score0.0067EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 5:5 p.m.23 views

Security Bulletin: A commons-lang3-3.12.0.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in commons-lang3-3.12.0.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issu...

5.3CVSS6.6AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 5:1 p.m.18 views

Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affects IBM Rational Functional Tester / DevOps Test UI

Summary There are vulnerabilities in Eclipse Jetty used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote...

6.5CVSS6.8AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 4:54 p.m.18 views

Security Bulletin: A logback-core-1.5.18.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in logback-core-1.5.18.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.C...

7CVSS6.2AI score0.00181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 4:49 p.m.17 views

Security Bulletin: A logback-core-1.5.18.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in logback-core-1.5.18.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-cor...

1.8CVSS6AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 4:43 p.m.7 views

Security Bulletin: A react-router-6.25.1.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in react-router-6.25.1.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-68470 DESCRIPTION: React Router is a router for React. In versions 6.0.0 through 6.30.1 an...

6.5CVSS5.7AI score0.00198EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 3:22 p.m.13 views

Security Bulletin: A netty-codec-http-4.1.118.Final.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in netty-codec-http-4.1.118.Final.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application...

6.5CVSS6.5AI score0.00292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 3:16 p.m.11 views

Security Bulletin: A js-yaml-4.1.0.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in js-yaml-4.1.0.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and...

5.3CVSS6.6AI score0.00378EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 3:9 p.m.12 views

Security Bulletin: A vite-7.1.5.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in vite-7.1.5.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-62522 DESCRIPTION: Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to...

6CVSS6AI score0.01031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 1:53 p.m.24 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF03 Vulnerability Details CVEID:CVE-2026-28417 DESCRIPTION: Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw...

9.8CVSS7.4AI score0.01545EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/25 11:29 a.m.14 views

Security Bulletin: TDI is vulnerable to do not reject out of range writes due to uuid-11.1.0 - CVE-2026-41907

Summary portal-tdi, portal-tdl and portal gcm uses carbon data table and this library requires uuid 11.1.0 the same library have this CVE-2026-41907 Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v5, and v6...

9.3CVSS5.8AI score0.00337EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/24 3:12 p.m.20 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.4.18 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...

9.8CVSS6.6AI score0.00312EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/24 3:8 p.m.21 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.2.26 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...

9.8CVSS6.6AI score0.00344EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/24 3:4 p.m.15 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7.38 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...

9.8CVSS6.6AI score0.00344EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 10:36 p.m.18 views

Security Bulletin: IBM Cognos Analytics Mobile is affected by multiple security vulnerabilties

Summary IBM Cognos Analytics Mobile is affected by multiple security vulnerabilities. These have been addressed in IBM Cognos Analytics Mobile 1.1.26. Vulnerability Details CVEID:CVE-2026-26278 DESCRIPTION: fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS...

9.8CVSS7.2AI score0.62378EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 7:21 p.m.20 views

Security Bulletin: Multiple vulnerabilities in Aspera applications.

Summary Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Endpoint 4.4.7 Fix Pack 2 and IBM Aspera High-Speed Transfer Server 4.4.7 Fix Pack 2 Vulnerability Details CVEID:CVE-2026-7876 DESCRIPTION: IBM Aspera High-Speed Transfer Server and IBM Aspera High-Speed Transfer...

9.8CVSS6.8AI score0.0058EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 6:32 p.m.20 views

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to take over Java SE

Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2025-50106 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with netwo...

8.1CVSS7.1AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 3:39 p.m.9 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK

Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus for z/OS . Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access vi...

7.5CVSS7.2AI score0.00702EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 2:52 p.m.17 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j ( CVE-2026-34477, CVE-2026-34478, CVE-2026-34479 & CVE-2026-34480 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addresse...

7.5CVSS5.8AI score0.0086EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 1:31 p.m.15 views

Security Bulletin: The Analyst Workflow App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows...

9.8CVSS7AI score0.0115EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 1:5 p.m.10 views

Security Bulletin: z/Transaction Processing Facility is affected by a vulnerability in the cryptography package (CVE-2026-39892)

Summary The cryptography package is used by the z/TPF system as part of runtime metrics collection RTMC. Vulnerability Details CVEID:CVE-2026-39892 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if...

9.8CVSS5.9AI score0.00652EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 12:32 p.m.11 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple vulnerabilities in jsPDF (CVE-2026-24040, CVE-2026-24043, CVE-2026-24133, CVE-2026-24737)

Summary Multiple vulnerabilities in the jsPDF library used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 4.0.0. Vulnerability Details CVEID:CVE-2026-24040 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS...

8.7CVSS5.9AI score0.00559EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 9:14 a.m.20 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...

7.5CVSS5.9AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 9:11 a.m.11 views

Security Bulletin: IBM webMethods Integration Sever is vulnerable to server-side request forgery (CVE-2025-14290)

Summary The "Administration Publishing Add subscriber" Admin UI page of IBM webMethods Integration Server is vulnerable to server-side request forgery. Vulnerability Details CVEID:CVE-2025-14290 DESCRIPTION: IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may...

5.4CVSS5.8AI score0.00182EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 8:50 a.m.11 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node modules axios, protobufjs, fast-xml-parser, follow-redirects, brace-expansion,...

9.8CVSS6.2AI score0.00745EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 8:32 a.m.12 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to node module fast-xml-parser

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node module fast-xml-parser Vulnerability Details CVEID:CVE-2026-27942 DESCRIPTION:...

7.5CVSS5.8AI score0.00576EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 6:11 a.m.9 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by vulnerabilities in urllib3 (CVE-2025-50181, CVE-2025-50182)

Summary Vulnerabilities in the urllib3 library CVE-2025-50181, CVE-2025-50182 used by IBM InfoSphere Optim Archive Viewer have been addressed by upgrading the library to version 2.6.3. Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Pytho...

6.1CVSS5.8AI score0.004EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 6:11 a.m.7 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in requests (CVE-2024-47081)

Summary A vulnerability in the requests library CVE-2024-47081 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading to version 2.32.5. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to...

5.3CVSS5.7AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 5:57 a.m.17 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032...

9.8CVSS5.8AI score0.01325EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 5:56 a.m.14 views

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Patch 2 Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any...

7.5CVSS6.1AI score0.00838EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 2:7 a.m.13 views

Security Bulletin: IBM i is Affected by an Improper Validation Vulnerability in zlib [CVE-2026-27171]

Summary Zlib for IBM i is vulnerable to increased CPU consumption when using functions crc32combine64 and crc32combine64gen64 CVE-2026-27171 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via...

5.5CVSS5.8AI score0.00204EPSS
Exploits1Affected Software5
Total number of security vulnerabilities35608