Security Bulletin: IBM Edge Data Collector uses bytes-1.10.0.crate which is vulnerable to CVE-2026-25541.

Summary IBM Edge Data Collector uses bytes-1.10.0.crate which is vulnerable to CVE-2026-25541. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25541 DESCRIPTION: Bytes is a utility library for working with bytes. From version 1.2.1 to before...

Security Bulletin: IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2025-68146.

Summary IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2025-68146. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In version...

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to rhino

Summary IBM webMethods BPM uses rhino to embed a JavaScript engine for executing internal scripts related to business logic and configuration. Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1,...

Security Bulletin: IBM Content Navigator is affected by Apache Xerces2

Summary IBM Content Navigator is affected by multiple vulnerabilities in the Apache Xerces2 Java XML parser library. CVE-2009-2625 and CVE-2022-23437 describe infinite loop conditions triggered by malformed XML input, leading to application hang or denial of service. CVE-2012-0881 allows CPU...

Security Bulletin: IBM Content Navigator is affected by CVE-2025-46392

Summary IBM Content Navigator is affected by CVE-2025-46392, an Uncontrolled Resource Consumption vulnerability CWE-400 in Apache Commons Configuration 1.x commons-configuration-1.7.jar. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in...

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to JSON-Java

Summary IBM webMethods BPM uses JSON-Java for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts...

Security Bulletin: Operator for IBM DataPower Gateway vulnerable to Denial of Service

Summary This vulnerability can allow an invalid DNS response to cause an operator crash. Vulnerability Details CVEID:CVE-2026-25518 DESCRIPTION: cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and...

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to commons-io

Summary IBM webMethods BPM uses commons-io to simplify file and stream handling operations within the application, such as reading, writing, and manipulating files and input/output streams. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: In Apache Commons IO before 2.7, When invoking the...

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to jetty

Summary IBM webMethods BPM uses jetty to enable embedded web server capabilities within the application. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for...

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service

Summary Processing a malformed PKCS12 file can cause an appliance reload. Vulnerability Details CVEID:CVE-2026-22795 DESCRIPTION: Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a...

Security Bulletin: IBM dataPower Gateway affected by prototype pollution vulnerability in Lodash

Summary The affected package is used in the UI and API Gateway Director components Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause...

Security Bulletin: IBM WebSphere Automation is vulnerable to multiple security vulnerabilites

Summary Multiple security vulnerabilites were identified in the Open Liberty baseimage which is shipped with IBM WebSphere Automation. Vulnerability Details CVEID:CVE-2015-20107 DESCRIPTION: In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js module Multer (CVE-2026-2359, CVE-2026-3304 & CVE-2026-3520)

Summary The IBM App Connect Enterprise Connector Discovery and OpenAPI Editor is vulnerable to multiple vulnerabilities due to Node.js module Multer. Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules.

Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to multiple node modules. Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer ...

Security Bulletin: Multiple vulnerabilities in IBM Event Endpoint Management.

Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management 11.7.3 Vulnerability Details CVEID:CVE-2025-68470 DESCRIPTION: React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a Rea...

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.1 Vulnerability Details CVEID:CVE-2025-13916 DESCRIPTION: IBM Aspera Shares uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information CWE:CWE-327: U...

Security Bulletin: IBM Cloud Pak for Data System 2.0 is affected by credential leakage due to requests library

Summary The requests library is used by IBM Cloud Pak for Data System 2.0 as an HTTP library for Python applications. CVE-2024-47081 affects the requests library's URL parsing mechanism where a vulnerability allows .netrc credentials to be leaked to third parties when processing specific...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2026.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue...

Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow (traditional and containers) March 2026

Summary In addition to updating many operating system level packages on container images, IBM Business Automation Workflow fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3 which is vulnerable to CVE-2026-26007

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-26007. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION...

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4 which is vulnerable to CVE-2026-21860

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a...

Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities

Summary IBM webMethods BPM is dependant on jetty which is affected by known vulnerabilities CVE-2019-17638, CVE-2020-27218, CVE-2021-28169, CVE-2021-34428, CVE-2022-2047, CVE-2023-26048, CVE-2023-26049, CVE-2024-13009, CVE-2024-8184 Vulnerability Details CVEID:CVE-2019-17638 DESCRIPTION: In Eclip...

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2 which is vulnerable to CVE-2026-27205

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server...

Security Bulletin: Due to the use of hibernate-core. IBM webMethods BPM is vulnerable to a second-order SQL injection

Summary IBM webMethods BPM tool is dependant on hibernate-core which is affected by known vulnerability - CVE-2026-0603. Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection...

Security Bulletin: Security Configuration vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2025-14914)

Summary IBM WebSphere Application Server Liberty is vulnerable to a remote code execution attack which can affect IBM Spectrum Protect Operations Center. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a...

Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in IBM SDK, Java Technology Edition that could allow denial-of-service or information exposure in applications using the affected Java components.

Summary IBM Storage Protect Server is affected by multiple vulnerabilities in IBM SDK, Java Technology Edition may allow attackers to exploit weaknesses in certain Java components. These issues could lead to denial-of-service conditions or unintended information exposure in applications that rely...

Security Bulletin:IBM Storage Protect Server is vulnerable to an unauthenticated attacker with network access via multiple protocols and TLS due to IBM SDK, Java (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925).

Summary IBM SDK, Java is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS, IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of...

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the logback-core library that could allow denial-of-service through specially crafted inputs (CVE-2026-1225).

Summary IBM Storage Protect Server uses the logback-core library in certain components; the library is affected by an input handling flaw that could allow specially crafted inputs to trigger a denial-of-service condition. Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in...

Security Bulletin: IBM Storage Protect Operations Center is affected by a vulnerability in IBM WebSphere Application Server Liberty that could allow a security configuration attack (CVE-2025-12635).

Summary IBM Spectrum Protect Operations Center uses IBM WebSphere Application Server Liberty in certain components; a vulnerability in Liberty may allow a security configuration attack that could impact the security of the affected environment under specific conditions. Vulnerability Details...

Security Bulletin: IBM Storage Protect Server is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS due to IBM SDK, Java (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)

Summary IBM SDK, Java is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS, IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE,...

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the logback-core library that could lead to denial-of-service under specific conditions (CVE-2025-11226).

Summary IBM Storage Protect Server uses the logback-core library in certain components; the library is vulnerable to improper handling of certain inputs that could lead to denial-of-service under specific conditions. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in...

Security Bulletin:IBM Storage Protect Server is affected by a vulnerability in the Apache POI library that could lead to denial-of-service when processing specially crafted archive files (CVE-2019-12415).

Summary IBM Storage Protect Server uses the Apache POI library in certain components; this library is vulnerable to processing specially crafted archive files that may cause excessive memory allocation, potentially leading to a denial-of-service condition. Vulnerability Details CVEID:CVE-2019-124...

Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in the Golang crypto library used by the Object Agent and OSSM components that could lead to denial-of-service (CVE-2025-47913, CVE-2025-47914, CVE-2025-58181).

Summary IBM Storage Protect Server uses the Golang crypto library in the Object Agent and OSSM components. Vulnerabilities in this library may allow specially crafted inputs to trigger denial-of-service conditions in applications using the affected components. Vulnerability Details...

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Apache Commons IO library that could lead to denial-of-service when processing specially crafted input (CVE-2025-48924).

Summary IBM Storage Protect Server uses the Apache Commons IO library in certain components; Apache Commons IO is vulnerable to improper resource handling that may lead to denial-of-service conditions when processing specially crafted input. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION:...

Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in the Eclipse Jetty web server library that could lead to denial-of-service due to issues in certificate and protocol handling (CVE-2024-6763, CVE-2024-8184).

Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Vulnerabilities related to certificate and protocol handling in the Jetty library may allow specially crafted requests to trigger denial-of-service conditions in applications using the affected...

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Eclipse Jetty web server library that could lead to request data corruption or leakage between sessions (CVE-2024-13009).

Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Jetty is vulnerable to improper handling of malformed gzip requests, which may lead to request data corruption or inadvertent leakage of request data between sessions under certain conditio...

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2022-50673 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4orphancleanup I caught a issue as follows...

Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosures and cross-site scripting

Summary Several potential Cross-Site Scripting and Information Disclosure issues addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2025-13995 DESCRIPTION: IBM QRadar SIEM could allow an attacker with access to one tenant to access hostname data from another tenant's account...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to XSS (CVE-2026-33230), denial of service (CVE-2026-33231, GHSA-rf74-v2fm-23pw) and path traversal (CVE-2026-33236)

Summary Python module NLTK is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to cross-site scripting CVE-2026-33230, denial of service CVE-2026-3323...

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote...

Security Bulletin: Technical Support Appliance - potential denial of service conditions in underlying Linux kernel

Summary Multiple vulnerabilities have been identified in the Linux kernel affecting subsystems such as ext4 filesystem, IPv6 networking, framebuffer console, and other optional components e.g., Bluetooth, RDMA, NFS, NVMe, USB audio. These issues primarily involve race conditions, use-after-free...

Security Bulletin: Technical Support Appliance - potential denial of service in Linux kernel subsystems

Summary Multiple vulnerabilities have been identified in the Linux kernel affecting subsystems including InfiniBand hfi1, RDMA, SquashFS, ATM networking, USB core, MPTCP, procfs, and framebuffer fbdev. These issues involve race conditions, use-after-free scenarios, and out-of-bounds memory access...

Security Bulletin: IBM Technical Support Appliance - potential denial of service in Linux kernel subsystems

Summary Multiple vulnerabilities have been identified in the Linux kernel affecting subsystems including RDMA rxe and core memory management. These issues involve conditions such as double free, incomplete state handling, and NULL pointer dereference, which could lead to system instability or...

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM Common Licensing due to CVE-2026-1188

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM LKS Administration and Reporting Tool ART and Administration Agent. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API...

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to remote code execution (CVE-2026-1615)

Summary Node.js module jsonpath is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily...

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Starlette (CVE-2025-54121)

Summary A vulnerability in the Starlette library CVE-2025-54121 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 0.49.3. Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface...

Security Bulletin: A vulnerability in zlib affects IBM License Metric Tool v9 scanner (CIT)

Summary There is a vulnerability in the zlib component used by IBM License Metric Tool v9 scanner CIT Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that ha...

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate...

Security Bulletin: IBM SPSS Modeler is vulnerabile to SSL private key exposure (CVE-2023-33842)

Summary An SSL private key exposure in IBM SPSS Modeler could allow a local user to decrypt and obtain sensitive information Vulnerability Details CVEID:CVE-2023-33842 DESCRIPTION: IBM SPSS Modeler on Windows requires the end user to have access to the server SSL key which could allow a local use...