
34922 matches found

IBM Security Bulletins
Added 2026/03/24 7:5 a.m. • 4 views

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.1 which is vulnerable to CVE-2026-23490

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.1-py3-none-any.whl which is vulnerable to CVE-2026-23490. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic...

CVSS 7.5 | AI score 6.7 | EPSS 0.00032
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/24 6:56 a.m. • 6 views

Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same...

CVSS 8.8 | AI score 7.7 | EPSS 0.02889
Exploits: 10 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:53 p.m. • 2 views

Security Bulletin: Vulnerabilities in Storybook affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Storybook has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-68429 DESCRIPTION:...

CVSS 7.3 | AI score 7 | EPSS 0.00013
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:50 p.m. • 3 views

Security Bulletin: Vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47914 DESCRIPTION: SSH Agent...

CVSS 5.3 | AI score 6.7 | EPSS 0.00046
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:49 p.m. • 4 views

Security Bulletin: Vulnerabilities in Quarkus affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Quarkus has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-66560 DESCRIPTION: Quarkus ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00013
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:47 p.m. • 2 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input...

CVSS 6.3 | AI score 6.3 | EPSS 0.0004
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:47 p.m. • 6 views

Security Bulletin: Vulnerabilities in Undici affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Undici has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-22036 DESCRIPTION: Undici is...

CVSS 7.5 | AI score 7 | EPSS 0.00024
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:46 p.m. • 2 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLim...

CVSS 7.5 | AI score 6.2 | EPSS 0.0005
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:43 p.m. • 2 views

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is a...

CVSS 6.5 | AI score 6.5 | EPSS 0.00024
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:42 p.m. • 3 views

Security Bulletin: Vulnerabilities in juliangruber affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in juliangruber has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A...

CVSS 3.1 | AI score 4.4 | EPSS 0.00092
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:41 p.m. • 5 views

Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-8869 DESCRIPTION: When extracting a ta...

CVSS 5.9 | AI score 6.7 | EPSS 0.00022
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:40 p.m. • 5 views

Security Bulletin: Vulnerabilities in affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Ta...

CVSS 8.2 | AI score 6.5 | EPSS 0.00011
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 7:39 p.m. • 6 views

Security Bulletin: Vulnerabilities in wheel affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in wheel has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a...

CVSS 7.1 | AI score 7.4 | EPSS 0.00015
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 4:22 p.m. • 11 views

Security Bulletin: Enumeration of users, compromised data confidentiality and integrity, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to enumeration of users, compromised data confidentiality and integrity, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22029 DESCRIPTION: React Router is a router for React. In...

CVSS 8.1 | AI score 6.8 | EPSS 0.01231
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 4:3 p.m. • 6 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in jsPDF (CVE-2025-57810)

Summary A vulnerability in jsPDF CVE-2025-57810 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 4.0.0. Vulnerability Details CVEID:CVE-2025-57810 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the...

CVSS 8.7 | AI score 6.4 | EPSS 0.00261
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 4:1 p.m. • 6 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in form-data (CVE-2025-7783)

Summary A vulnerability in the form-data library CVE-2025-7783 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 4.0.5. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTT...

CVSS 9.4 | AI score 6.6 | EPSS 0.01319
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 3:13 p.m. • 9 views

Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem

Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-lengt...

CVSS 9.8 | AI score 6 | EPSS 0.00175
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 2:6 p.m. • 3 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

CVSS 6.5 | AI score 7.4 | EPSS 0.00004
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 1:59 p.m. • 3 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation

Summary A security vulnerability in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelo...

CVSS 6.5 | AI score 7.4 | EPSS 0.00004
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 1:58 p.m. • 3 views

Security Bulletin: Security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak. Nginx is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

CVSS 5.3 | AI score 6.8 | EPSS 0.02857
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 1:44 p.m. • 3 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

CVSS 6.3 | AI score 6.6 | EPSS 0.00032
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 1:42 p.m. • 6 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation

Summary A security vulnerability in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkze...

CVSS 6.3 | AI score 6.6 | EPSS 0.00032
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 1:39 p.m. • 3 views

Security Bulletin: Multiple security vulnerabilities in Python affects IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Python affects IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

CVSS 8.9 | AI score 6.9 | EPSS 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 1:39 p.m. • 3 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core (CVE-2025-68161)

Summary SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core CVE-2025-68161. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j...

CVSS 6.3 | AI score 6.4 | EPSS 0.00029
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 1:37 p.m. • 11 views

Security Bulletin: Multiple security vulnerabilities in Python affects IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTIO...

CVSS 8.9 | AI score 6.9 | EPSS 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 1:35 p.m. • 7 views

Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

CVSS 7.5 | AI score 6.7 | EPSS 0.00046
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 1:0 p.m. • 5 views

Security Bulletin: Memory Safety Vulnerabilities in SSH Agents and Servers: Out-of-Bounds Read and Unbounded Memory Consumption, affects watsonx.data

Summary SSH Agent servers are vulnerable to out-of-bounds reads when processing malformed new identity requests, which can cause the agent to panic. Additionally, SSH servers handling GSSAPI authentication requests do not validate the number of mechanisms specified, potentially allowing attackers...

CVSS 5.3 | AI score 6.7 | EPSS 0.00046
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/23 10:6 a.m. • 3 views

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to Java SE (CVE-2025-53066,CVE-2025-53057 )

Summary Vulnerabilities in Java SE may affect IBM Storage Insights. Vulnerability CVE-2025-53066 could allow a remote attacker to cause high confidentiality impact, no integrity impact, and no availability impact. Vulnerability CVE-2025-53057 could allow a remote attacker to cause no...

CVSS 7.5 | AI score 6.7 | EPSS 0.00068
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 9:21 p.m. • 9 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is impacted by vulnerabilities due to IBM Java 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 17 to address the issues. Vulnerabilit...

CVSS 9.8 | AI score 6.9 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 8:12 p.m. • 7 views

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary IBM WebSphere Application Server could provide weaker than expected security when using the Security Utility to encode a secret. Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security when using the...

CVSS 9.8 | AI score 5.5 | EPSS 0.00035
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 4:47 p.m. • 4 views

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2025-12635 and CVE-2025-14914).

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2025-12635 and CVE-2025-14914. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTIO...

CVSS 7.6 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 4:43 p.m. • 6 views

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2025-12635 and CVE-2025-14914).

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2025-12635 and CVE-2025-14914. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address these vulnerabilities. Vulnerability Details...

CVSS 7.6 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 4:42 p.m. • 6 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages.

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has a...

CVSS 8.9 | AI score 6.9 | EPSS 0.00079
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 4:40 p.m. • 6 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2026-24486,CVE-2025-50537,CVE-2026-24688)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2026-24486 DESCRIPTION: Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using...

CVSS 8.6 | AI score 6.9 | EPSS 0.01021
Exploits: 5 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 4:39 p.m. • 4 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2018-20225, CVE-2025-6985, CVE-2025-54368)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intend...

CVSS 7.8 | AI score 6.7 | EPSS 0.03726
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 4:38 p.m. • 9 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2025-62727, CVE-2025-58754)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-62727 DESCRIPTION: Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker...

CVSS 7.5 | AI score 6.7 | EPSS 0.00257
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 4:36 p.m. • 5 views

Security Bulletin: IBM watsonx.data integration has vulnerabilities due to open source packages (CVE-2025-55197)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-55197 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM bein...

CVSS 8.7 | AI score 7 | EPSS 0.00164
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 3:48 p.m. • 4 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-27903)

Summary IBM Security SOAR uses an older version of the minimatch component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.1 Vulnerability Details CVEID:CVE-2026-27903 DESCRIPTION:...

CVSS 7.5 | AI score 5.6 | EPSS 0.00036
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 3:46 p.m. • 3 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-26996)

Summary IBM Security SOAR uses an older version of the minimatch component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.1 Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION:...

CVSS 8.7 | AI score 5.6 | EPSS 0.00026
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 3:44 p.m. • 4 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-25639)

Summary IBM Security SOAR uses an older version of the Axios component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is...

CVSS 7.5 | AI score 7.4 | EPSS 0.00044
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 11:43 a.m. • 7 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745

Summary IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The...

CVSS 8.2 | AI score 6.7 | EPSS 0.00011
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 10:54 a.m. • 9 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core (CVE-2025-68161)

Summary IBM App Connect for Manufacturing is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostnam...

CVSS 6.3 | AI score 6.5 | EPSS 0.00029
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 10:42 a.m. • 7 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses filelock which is vulnerable to CVE-2025-68146

Summary IBM Maximo Application Suite - Visual Inspection component uses filelock which is vulnerable to CVE-2025-68146, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent fi...

CVSS 6.5 | AI score 7.4 | EPSS 0.00004
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 10:10 a.m. • 6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-23490

Summary IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-23490 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic ASN.1 library for...

CVSS 7.5 | AI score 6.9 | EPSS 0.00032
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 8:22 a.m. • 4 views

Security Bulletin: Symlink Traversal Vulnerability in pip Tar Extraction Fallback on Pre-PEP 706 Python Versions, watsonx.data

Summary A vulnerability in pip allows improper handling of symbolic links during tar extraction on older Python versions without PEP 706, potentially leading to path traversal outside the intended directory; updating pip and Python mitigates the risk. This can affect watsonx.data. Vulnerability...

CVSS 5.9 | AI score 6.8 | EPSS 0.00022
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 8:21 a.m. • 3 views

Security Bulletin: Command Injection Vulnerability in FastMCP server_name Field Enables Arbitrary Command Execution on Windows affects watsonx.data

Summary FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This can affect...

CVSS 7.8 | AI score 6.1 | EPSS 0.00049
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 8:20 a.m. • 4 views

Security Bulletin: Uninitialized Memory Exposure in node-tar list/t Sync Mode When Tar File Is Modified During Read affect IBM watsonx.data

Summary node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2. These can affect IBM watsonx.data...

CVSS 6.1 | AI score 6.7 | EPSS 0.00005
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 8:20 a.m. • 3 views

Security Bulletin: StackOverflowError Denial-of-Service Vulnerability in Apache Commons Lang ClassUtils.getClass() Due to Uncontrolled Recursion affects watsonx.data

Summary Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very lo...

CVSS 5.3 | AI score 6.5 | EPSS 0.00099
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 7:32 a.m. • 4 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT serve...

CVSS 7.5 | AI score 6.6 | EPSS 0.01278
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
Added 2026/03/20 6:32 a.m. • 4 views

Security Bulletin: due to the use of IBM WebSphere Application Server and WebSphere Application Server Liberty, IBM Watson Explorer is vulnerable to a cross-site scripting vulnerability.

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE CVE-2025-12635 Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...

CVSS 5.4 | AI score 5.7 | EPSS 0.00019
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 34922