Lucene search
K

35778 matches found

IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by HTTP request smuggling

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by HTTP request smuggling CVE-2026-11541 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...

9.8CVSS5.9AI score0.00418EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by multiple vulnerabilities CVE-2026-11712, CVE-2026-11595, CVE-2026-11708 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

9.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by multiple vulnerabilities CVE-2026-50645, CVE-2026-9322, CVE-2026-9171 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

7.5CVSS5.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by multiple vulnerabilities CVE-2026-8646, CVE-2026-9320, CVE-2026-9071 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

9.1CVSS5.9AI score0.00338EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by multiple cross-site scripting vulnerabilities

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by multiple cross-site scripting vulnerabilities CVE-2026-11594, CVE-2026-11707, CVE-2026-11383 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affect...

8.5CVSS5.8AI score0.00337EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago5 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a remote code execution vulnerability

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by a remote code execution vulnerability CVE-2026-11536 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago7 views

Security Bulletin: IBM Operational Decision Manager for June 2026 - Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Operational Decision Manager Vulnerability Details CVEID:CVE-2026-9828 DESCRIPTION: Deserialization of untrusted data vulnerability in QOS.CH Sarl logback...

9.8CVSS6.6AI score0.00791EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server which is affected by multiple vulnerabilities

Summary The security issue described in CVE-2026-11712, CVE-2026-11595 and CVE-2026-11708 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in t...

9.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty which are affected by multiple vulnerabilities

Summary The security issue described in CVE-2026-50645, CVE-2026-9322 and CVE-2026-9171 has been identified in WebSphere Application Server and WebSphere Application Server Liberty included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refe...

7.5CVSS5.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago8 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by a Denial of Service vulnerability due to pyasn1

Summary pyasn1 is used by IBM Cloud Pak for Data System 1.0 as a generic ASN.1 encoding and decoding library for Python applications. CVE-2026-30922 affects pyasn1's ASN.1 decoder, where processing of crafted payloads containing deeply nested SEQUENCE or SET tags with indefinite length markers...

7.5CVSS6.8AI score0.0058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago11 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by a Regular Expression Denial of Service vulnerability due to idna

Summary idna is used by IBM Cloud Pak for Data System 1.0 as a Python library for Internationalized Domain Names in Applications IDNA encoding and decoding. CVE-2026-45409 affects idna's encode function, where processing of arbitrarily large domain name inputs exploits the validcontexto function...

6.9CVSS6.3AI score0.00408EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses multiple packages which are vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - Monitor Component uses next-15.5.14.tgz, tomcat-embed-core-10.1.54.jar, systeminformation-5.31.4.tgz, jackson-core-2.19.2.jar, jackson-core-2.19.4.jar, jackson-core-2.20.0.jar, jackson-core-2.21.0.jar which are vulnerable to CVE-2026-44572, CVE-2026-44573,...

8.6CVSS6.7AI score0.38811EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses multiple dependencies which are vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security, is affected by a privilege escalation vulnerability and server-side request forgery, requests-2.32.4-py3-none-any.whl which are vulnerable to...

9.8CVSS6.5AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by multiple vulnerabilities due to cryptography

Summary cryptography is used by IBM Cloud Pak for Data System 1.0 as a Python package providing cryptographic primitives and recipes for secure communications. Multiple vulnerabilities affect the cryptography package. CVE-2024-12797 involves missing error reporting in RFC7250 Raw Public Key RPK...

8.2CVSS6.8AI score0.02439EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by a command injection vulnerability due to Click

Summary Click is used by IBM Cloud Pak for Data System 1.0 as a command-line interface creation library for Python applications. CVE-2026-7246 affects Click's click.edit function, which fails to properly neutralize special elements in input, allowing attackers to inject and execute arbitrary...

7.2CVSS6.2AI score0.0081EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by a sensitive information caching vulnerability due to Flask

Summary Flask is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application framework. CVE-2026-27205 affects Flask's session handling, where certain forms of session object access such as the Python in operator fail to set the Vary: Cookie header, resulting in session-specific responses...

4.3CVSS5.9AI score0.00374EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by improper handling of Windows device names due to Werkzeug

Summary Werkzeug is used by IBM Cloud Pak for Data System 1.0 as a WSGI web application library. CVE-2026-27199 affects Werkzeug's safejoin function, which fails to properly filter Windows device names when preceded by other path segments in multi-segment paths. This allows the sendfromdirectory...

6.3CVSS5.9AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.0) is affected by an XML external entity (XXE) vulnerability due to lxml

Summary lxml is used by IBM Cloud Pak for Data System 1.0 as a library for processing XML and HTML in Python applications. CVE-2026-41066 affects lxml's default parser configuration, where untrusted XML input can exploit external entity references to read local files from the system. This XML...

7.5CVSS6AI score0.00324EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: IBM Financial Transaction Manager v4 is impacted by multiple vulnerabilities in WebSphere Application Server Liberty

Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2026-10852 DESCRIPTION: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere...

9.8CVSS7.8AI score0.005EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago7 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.4.0 Vulnerability Details CVEID:CVE-2026-33891 DESCRIPTION: Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version...

9.1CVSS7.3AI score0.00596EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago9 views

Security Bulletin: Denial of Service Vulnerability in jackson-core affect IBM Cloud Pak System[WS-2022-0468]

Summary Denial of Service Vulnerability in jackson-core was addressed in IBM Cloud Pak System version 2.3.6.0 and IBM Cloud Pak System version 2.3.5.1 BYOH on power. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The...

6AI score
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago4 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2026-34182 DESCRIPTION: Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fiel...

9.1CVSS8AI score0.00513EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago9 views

Security Bulletin: Vulnerability in Semeru Runtime affecting Rational Business Developer

Summary There are vulnerabilities in Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network...

7.5CVSS6.5AI score0.00635EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple vulnerabilities (CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by cross-sight scripting and path traversal vulnerabilities. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

9.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week7 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by multiple vulnerabilities (CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by cross-sight scripting and path traversal vulnerabilities. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

9.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week5 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple vulnerabilities (CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by cross-sight scripting and path traversal vulnerabilities. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...

9.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week9 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a denial of service vulnerability due to Eclipse Parsson (CVE-2026-9563)

Summary IBM WebSphere Application Server Liberty is affected by a denial of service with the jsonp-2.1 feature enabled. Vulnerability Details CVEID:CVE-2026-9563 DESCRIPTION: In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maxim...

7.5CVSS5.9AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an authorization bypass vulnerability (CVE-2026-11714)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS5.9AI score0.00203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week5 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty (bundled with IBM Enterprise Application Runtimes) are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by uncontrolled resource consumption and denial of service. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS5.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week5 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an authorization bypass vulnerability (CVE-2026-11714)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

9.8CVSS5.9AI score0.00203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an authorization bypass vulnerability (CVE-2026-11714)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS5.9AI score0.00203EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability (CVE-2026-11546)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...

9.8CVSS5.9AI score0.00222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week7 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability (CVE-2026-11546)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

9.8CVSS5.9AI score0.00222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week5 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability (CVE-2026-11546)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS5.9AI score0.00222EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an arbitrary file read vulnerability (CVE-2026-11806)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS6AI score0.00472EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: IBM watsonx.data integration is vulnerable to authorization bypass due to the Moby package (CVE-2026-33997, CVE-2026-34040)

Summary Moby is used by IBM watsonx.data integration as part of container processing. Vulnerability Details CVEID:CVE-2026-33997 DESCRIPTION: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to...

8.8CVSS6AI score0.08123EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

9.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: IBM watsonx.data integration is vulnerable to payload verification errors due to the go-git package (CVE-2026-45022)

Summary go-git is used by IBM watsonx.data integration as part of repository handling. Vulnerability Details CVEID:CVE-2026-45022 DESCRIPTION: go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way...

7.5CVSS5.9AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week5 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

9.8CVSS6.5AI score0.00781EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-66506 DESCRIPTION: Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3,...

7.5CVSS6.1AI score0.00459EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week4 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-48779 DESCRIPTION: ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to but not including 5.2.5, from 6.0.0 up to 6.2.4,...

10CVSS6AI score0.00782EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: IBM WebSphere Application Server, bundled with IBM WebSphere Remote Server, is affected by a cross-site request forgery vulnerability (CVE-2026-8408)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week12 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by uncontrolled resource consumption and denial of service. Vulnerability Details CVEID:CVE-2026-50645 DESCRIPTION: There is no restriction on the amount of attachment headers that a message can contain...

7.5CVSS6AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week6 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.1.0 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data...

9.8CVSS7.5AI score0.51547EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week4 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v10.0.8.10 Vulnerability Details CVEID:CVE-2026-33244 DESCRIPTION: React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the...

8.1CVSS7.1AI score0.00808EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...

7.5CVSS5.9AI score0.0046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week11 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, bundled with WebSphere Remote Server, are affected by a denial of service due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...

7.5CVSS6.8AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week4 views

Security Bulletin: QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar App SDK has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-39892 DESCRIPTION:...

9.8CVSS6.2AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-50193 DESCRIPTION: jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data...

8.1CVSS5.9AI score0.00695EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added last week10 views

Security Bulletin: IBM WebSphere Application Server is affected by a cross-site request forgery vulnerability (CVE-2026-8408)

Summary IBM WebSphere Application Server is affected by a cross-site request forgery vulnerability when using the Administrative Console. Vulnerability Details CVEID:CVE-2026-8408 DESCRIPTION: IBM WebSphere Application Server is affected by a cross-site request forgery, caused by improper...

6AI score
Exploits0Affected Software1
Total number of security vulnerabilities35778