35608 matches found
Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary Multiple vulnerabilities in IBM® Db2® 12.1.3 and earlier affect IBM® Db2® Big SQL on IBM Cloud Pak for Data 5.3 and earlier. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remot...
Security Bulletin: A vulnerability in the minimatch package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the minimatch package affects IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions...
Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 a...
Security Bulletin: A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the Immutable.js package affects IBM® Db2® Big SQL 8 and ealier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1....
Security Bulletin: A vulnerability in the qs package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in the qs package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled,...
Security Bulletin: Multiple vulnerability in IBM Db2 affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary Multiple vulnerability in IBM Db2 affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and ealier. Vulnerability Details CVEID:CVE-2025-36247 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is...
Security Bulletin: A vulnerability in package Lodash affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.
Summary A vulnerability in OpenSSL affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacke...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2026-29111 DESCRIPTION: systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spuriou...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle January 2026 Critical Patch Update. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cau...
Security Bulletin: IBM Cognos Analytics is affected by multiple security vulnerabilities
Summary There are vulnerabilities in multiple Open-Source Software OSS components consumed by IBM Cognos Analytics. Please review the below vulnerabilities and take necessary remediation actions. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos...
Security Bulletin: IBM SPSS Analytic Server is affected by a Vert.x Web Static Handler cache manipulation vulnerability (CVE-2026-1002)
Summary IBM SPSS Analytic Server is affected by a Vert.x Web Static Handler cache manipulation vulnerability CVE-2026-1002. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated t...
Security Bulletin: This Power System update is being released to address CVE-2026-7254
Summary The BMC's HTTPS interface is vulnerable to denial of service attacks by unauthenticated network users. Vulnerability Details CVEID:CVE-2026-7254 DESCRIPTION: OpenBMC HTTPS service is vulnerable to attacks by unauthenticated network users which can result in denial of service. CWE:CWE-1284...
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary This impacts the BMC administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the BMC the become unavailable. Vulnerability Details CVEID:CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary This impacts the FSP administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the FSP the become unavailable. Vulnerability Details CVEID:CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to axios
Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to multiple vulnerabilities due to axios. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior...
Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares
Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.2 Vulnerability Details CVEID:CVE-2026-33168 DESCRIPTION: Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a...
Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of thin-vec (CVE-2026-6654)
Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses the thin-vec-0.2.14 crate, which is vulnerable to a double free error. Vulnerability Details CVEID:CVE-2026-6654 DESCRIPTION: Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear...
Security Bulletin: IBM Cloud Kubernetes is affected by a Linux kernel security vulnerability (CVE-2026-31431)
Summary IBM Cloud Kubernetes Service is affected by a vulnerability in the Linux kernel that could allow a local attacker to escalate their privileges CVE-2026-31431. Vulnerability Details CVEID : CVE-2026-31431 Description : In the Linux kernel, the following vulnerability has been resolved:...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Linux kernel security vulnerability (CVE-2026-31431)
Summary Red Hat OpenShift on IBM Cloud is affected by a vulnerability in the Linux kernel that could allow a local attacker to escalate their privileges CVE-2026-31431. Vulnerability Details CVEID : CVE-2026-31431 Description : In the Linux kernel, the following vulnerability has been resolved:...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat
Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTION: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension...
Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...
Security Bulletin: Security vulnerability in Golang affects IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Golang affects IBM Robotic Process Automation. Golang is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2026-25518 DESCRIPTION:...
Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...
Security Bulletin: Security vulnerability in Java affects IBM Robotic Process Automation
Summary A security vulnerability in Java affects IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
Security Bulletin: Security vulnerability in IBM WebSphere Application Server Liberty affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in IBM WebSphere Application Server Liberty affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. IBM WebSphere Application Server Liberty is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...
Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization
Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass...
Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in AssertJ library (CVE-2026-24400)
Summary This security vulnerability in the AssertJ library used within IBM Event Processing could allow an attacker to exploit specially crafted XML input to cause local file disclosure, server-side request forgery SSRF, or denial of service in Java-based components running on the Apache Flink...
Security Bulletin: IBM Operator for Apache Flink is affected by a vulnerability in AssertJ library (CVE-2026-24400)
Summary This security vulnerability in the AssertJ library used within IBM Event Processing could allow an attacker to exploit specially crafted XML input to cause local file disclosure, server-side request forgery SSRF, or denial of service in Java-based components running on the Apache Flink...
Security Bulletin: IBM Event Streams is vulnerable to denial of service (DoS) due to a vulnerability in Bouncy Castle Java libraries (CVE-2025-8916)
Summary IBM Event Streams is vulnerable to an allocation of resources without limits or throttling vulnerability in the Bouncy Castle Java libraries bcprov, bcpkix, and bcpkix-fips used for TLS and certificate validation. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of...
Security Bulletin: Erlang OTP inets httpd HTTP Request Smuggling via Duplicate Content-Length Handling
Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...
Security Bulletin: Carbon chart DOMPurify XSS Vulnerabilities (CVE-2026-41238, CVE-2026-41239, CVE-2026-41240)
Summary Three cross-site scripting XSS vulnerabilities CVE-2026-41238, CVE-2026-41239, and CVE-2026-41240 were identified in the DOMPurify library versions 3.0.1 through 3.3.3. These vulnerabilities allow attackers to bypass sanitization through prototype pollution exploitation, template expressi...
Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (May 2026)
Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data...
Security Bulletin: IBM i is Affected By A Cross-Site Scripting Vulnerability in Navigator for i [CVE-2026-0540]
Summary Navigator for IBM i uses the Monaco editor to edit config files. The Monaco editor uses DOMPurify to sanitize the HyperText Markup Language HTML in the editor. DOMPurify is vulnerable to improper neutralization of input by using rawtext elements missing from the SAFEFORXML regex...
Security Bulletin: IBM i is Affected by a Denial of Service Vulnerability [CVE-2026-6936]
Summary IBM i is vulnerable to denial of service due to uncontrolled recurision in the Integrated Language Environment ILE compiler as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-6936 DESCRIPTION: IBM i is vulnerable to a denial-of-service attack due to...
Security Bulletin: Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
Summary An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any...
Security Bulletin: Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS
Summary Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterpris...
Security Bulletin: Multiple security vulnerabilities affecting IBM Knowledge Catalog for IBM Cloud Pak for Data
Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog for IBM Cloud Pak for Data. These vulnerabilities have been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION...
Security Bulletin: Multiple Vulnerabilities in watsonx.data
Summary Multiple vulnerabilities were addressed in watsonx.data 2.3.1 patch 2 version, which was present in different version from watson.data 2.2.2 to watsonx.dat 2.3.1 Patch 2 Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose cryptographic...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in click-8.1.8-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in click-8.1.8-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit function, allowing attackers to pass arbitra...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTION: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via invalid chunk extension. This...
Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of Eclipse Jetty
Summary Due to use of Eclipse Jetty, DevOps Test Performance and Rational Performance Tester contain potential input validation, information exposure, integer overflow, memory allocation, HTTP parsing, and URI authority validation vulnerabilities. Vulnerability Details CVEID:CVE-2022-2047...
Security Bulletin: Vulnerability in pypdf bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage include pypdf which could cause infinite loop vulnerability. CVE-2026-24688. Vulnerability Details CVEID:CVE-2026-24688 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop...