Security Bulletin: Vulnerability in Ruby affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Ruby has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

Security Bulletin: Vulnerability in fast-xml affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in fast-xml has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: Vulnerability in jackson-core affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in jackson-core has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

Security Bulletin: Vulnerability in Undici affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Undici has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

Security Bulletin: Vulnerability in Black affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Black has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

Security Bulletin: Vulnerability in Immutable.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Immutable.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

Security Bulletin: Vulnerability in Underscore.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Underscore.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: Vulnerability in DOMPurify affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in DOMPurify has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: Vulnerability in fast-xml-parser affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in fast-xml-parser has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: Due to the use of WebSphere Application Server Liberty, IBM Tivoli Application Dependency Discovery Manager is affected by a prototype pollution vulnerability due to immutable

Summary IBM Tivoli Application Dependency Discovery Manager bundles WebSphere Application Server Liberty, vulnerability has been remediated in an e-fix Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3,...

Security Bulletin: Multiple Vulnerabilities in Hyper-Converged Database 1.2

Summary Multiple vulnerabilities were addressed in Hyper-Converged Database version 1.2.6 Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the...

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU Critical Patch Update CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable...

Security Bulletin: Critical XXE Vulnerability in Apache Tika Affecting Content Collector for Email, File Systems, and Microsoft SharePoint (CVE-2025-54988)

Summary Critical XML External Entity in Apache Tika on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party...

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

Security Bulletin: Unauthenticated Flow Execution via Webhook Endpoint in Langflow OSS

Summary Langflow OSS POST /api/v1/webhook/flowid executes any user's flow without authentication by default. Setting WEBHOOKAUTHENABLE defaults to False in auth configuration. When False, webhook handler calls getuserbyflowidorendpointname and trusts caller unconditionally with no credential chec...

Security Bulletin: Unauthenticated Remote Code Execution in Langflow OSS PythonREPLComponent via Builtins Injection

Summary Langflow OSS contains unauthenticated RCE vulnerability in PythonREPLComponent "Python Interpreter". Component's getglobals builds restricted globals dict from globalimports whitelist default: "math" but never sets globals"builtins" = . CPython's exec automatically inserts full builtins...

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

Security Bulletin: Security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in JavaScript affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. JavaScript is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fix...

Security Bulletin: Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation. .NET is used by IBM Robotic Process as part of it's development framework. This security bulletin identifies the fixes required to resolve these vulnerabilities Vulnerability Details CVEID:CVE-2026-26171...

Security Bulletin: Security vulnerability in IBM WebSphere Application Server Liberty affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in IBM WebSphere Application Server Liberty affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. IBM WebSphere Application Server Liberty is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak...

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

Security Bulletin: Multiple Security Vulnerabilities in third-Party libraries used by IBM Tivoli Netcool Configuration Manager

Summary Multiple vulnerabilities in the third-party Bouncy Castle libraries used by IBM Tivoli Netcool Configuration Manager have been addressed. Vulnerability Details CVEID:CVE-2026-5588 DESCRIPTION: Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle In...

Security Bulletin: IBM Omnifind Text Search Server for DB2 for i is affected by multiple vulnerabilities[CVE-2017-12626,CVE-2023-44483,CVE-2023-45853,CVE-2024-8176,CVE-2024-11612,CVE-2024-50602,CVE-2025-27363,CVE-2025-29482,CVE-2025-48924,CVE-2025-53816]

Summary IBM Omnifind Text Search Server for DB2 for i is vulnerable to infinite loop attacksCVE-2017-12626, CVE-2024-11612, insertion of sensitive information into log file attackCVE-2023-44483, integer overflow attackCVE-2023-45853, uncontrolled recursion attacksCVE-2024-8176, CVE-2025-48924,...

Security Bulletin: IBM Operational Decision Manager - Multiple CVEs addressed related to SOLR and its dependencies (such as Jetty) affecting ODM-9.0.0 and older versions

Summary This Security bulletin addresses vulnerabilities in Apache Solr and its dependencies including Eclipse Jetty that might affect IBM Operational Decision Manager version 9.0.0 and older versions. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is...

Security Bulletin: Infosphere BigInsights is affected by multiple IBM DB2 advisories (CVE-2014-8910, CVE-2015-1883, CVE-2015-1922, CVE-2015-1935)

Problem Need to understand whether DB2 advisory impacts BigInsights 4.1 installations "Product":"code":"SSCRJT","label":"IBM Db2 Big SQL","Business Unit":"code":"BU048","label":"IBM Software","Component":"--","Platform":"code":"PF016","label":"Linux","Version":"4.1.0","Edition":"","Line of...

Security Bulletin: Vulnerabilities exists in IBM Netezza Software

Summary Vulnerabilities identified in IBM Netezza Software have been addressed in version 11.3.1.1. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications...

Security Bulletin: Vulnerabilities exists in IBM Netezza Software

Summary Vulnerabilities identified in IBM Netezza Software have been addressed in version 11.3.1.1. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request/Response Smuggling Vulnerability in Eclipse Jetty (CVE-2026-2332)

Summary Eclipse Jetty is used by IBM DevOps Deploy / UrbanCode Deploy UCD to handle Agent Relay traffic. CVE-2026-2332. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request Smullging Vulnerability in Netty (CVE-2026-33870)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the Server/Agent/Relay communication system. CVE-2026-33870. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

Security Bulletin: IBM DevOps Deploy / UrbanCode Deploy (UCD) is affected by a HTTP Request/Response Smuggling vulnerablity in Apache Tomcat (CVE-2026-24880)

Summary Apache Tomcat is used by IBM DevOps Deploy / UrbanCode Deploy UCD as to serve its web user interface. CVE-2026-24880. Vulnerability Details CVEID:CVE-2026-24880 DESCRIPTION: Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Apache Tomcat via...

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities bootstrap-3.4.1.tgz observed

Summary Vulnerabilities have been identified in bootstrap-3.4.1.tgz , which is used in IBM Engineering Lifecycle Management -Engineering Workflow Management Vulnerability Details CVEID:CVE-2024-6485 DESCRIPTION: A security vulnerability has been discovered in bootstrap that could enable Cross-Sit...

Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities Host Header Injection observed

Summary Vulnerabilities have been identified in Host Header Injection , which is used in IBM Engineering Lifecycle Management -Engineering Workflow Management Vulnerability Details CVEID:CVE-2024-51454 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to HTTP header injection, caused...

Security Bulletin: A vulnerability in com.google.code.gson:gson may affect IBM Engineering Workflow Management (CVE-2022-25647)

Summary com.google.code.gson:gson is used by IBM Engineering Workflow Management. IIBM Engineering Workflow Management has addressed the applicable CVE CVE-2022-25647. Vulnerability Details CVEID:CVE-2022-25647 DESCRIPTION: The package com.google.code.gson:gson before 2.8.9 are vulnerable to...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multip...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data.

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed ...

Security Bulletin: IBM ApplinX is vulnerable to multiple vulnerabilities due to the use of Bouncy Castle library (CVE-2023-33202, CVE-2025-8916, CVE-2026-5588, CVE-2025-14813, CVE-2026-5598, CVE-2026-0636)

Summary IBM ApplinX is vulnerable to an Uncontrolled Resource Consumption vulnerability, an Allocation of Resources Without Limits or Throttling vulnerability, a Use of a Broken or Risky Cryptographic Algorithm, a Covert Timing Channel vulnerability and an Improper Neutralization of Special...

Security Bulletin: Multiple Vulnerabilities affect IBM Decision Optimization for Cloud Pak for Data.

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.1 patch 6 Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addressed hostname...

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2026-27142 DESCRIPTION: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an...

Security Bulletin: Due to the use of zlib, IBM EntireX is vulnerable to Improper Validation of Specified Quantity in Input vulnerabilities (CVE-2026-3381, CVE-2026-27171).

Summary Due to the use of zlib, IBM EntireX is vulnerable to Improper Validation of Specified Quantity in Input vulnerabilities CVE-2026-3381, CVE-2026-27171. The version of zlib has been updated within IBM EntireX in order to address the vulnerabilities. Vulnerability Details CVEID:CVE-2026-3381...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server, which impacts IBM Tivoli Netcool Configuration Manager

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Multiple vulnerabilities were addressed in IBM WebSphere Application Server. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

Security Bulletin: IBM Verify Identity Protection Self-Hosted is affected by multiple vulnerabilities

Summary Security Vulnerabilities were addressed in IBM Verify Identity Protection Self-Hosted Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression...

Security Bulletin: Multiple Security vulnerabilities have been identified in IBM WebSphere Application Server traditional, WebSphere Liberty profile, IBM HTTP Server its WebSphere plugins shipped with IBM Business Automation Workflow

Summary WebSphere Application Server traditional and WebSphere Application Server Liberty profile are shipped as a component of IBM Business Automation Workflow. Optional IBM HTTP Server and relating WebSphere plugins are included with WebSphere. Information about security vulnerabilities affecti...