34922 matches found
Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2026 - Includes Oracle January 2026 CPU
Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...
Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2026 - Includes Oracle January 2026 CPU
Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...
Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU
Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...
Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU
Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...
Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 - Includes Oracle July 2025 CPU
Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...
Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 - Includes Oracle July 2025 CPU
Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...
Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447
Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...
Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447
Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...
Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917
Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...
Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917
Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...
Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (February 2026)
Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754
Summary Axios is used by the IBM Datapower Operations Dashboard for their HTTP Client for node.js and the browser Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to HTTP Request Smuggling CVE-2025-58056
Summary Netty is used by the IBM Datapower Operations Dashboard in their network implementation Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a StackOverflowError CVE-2025-48924
Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility operations Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to allocation of resources without limits or throttling CVE-2025-8916
Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard in their cryptographic operations Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-11831
Summary Node is used by the IBM Datapower Operations Dashboard in their network implementation Vulnerability Details IBM X-Force ID: 351136 DESCRIPTION: Node.js npm inflight module is vulnerable to a denial of service, caused by the failure to properly delete keys from the reqs object after...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-34109
Summary zxcvbn is used by the IBM Datapower Operations Dashboard to improve password security Vulnerability Details CVEID:CVE-2023-34109 DESCRIPTION: zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform whic...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to improper resource shutdown or release CVE-2025-61795
Summary Apache Tomcat is used by the IBM Datapower Operations Dashboard in their HTTP web server implementation Vulnerability Details CVEID:CVE-2025-61795 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the...
Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to allocation of resources without limits or throttling CVE-2025-8885
Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard in their cryptographic operations Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules...
Security Bulletin: IBM Datapower Operations Dashboard may allow remote attackers to access the ClassLoader and execute arbitrary code CVE-2025-48734
Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility implementation Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. Th...
Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable due to jackson-core. (CVE-2025-52999)
Summary jackson-core-2.13.1.jar is updated to jackson-core-2.18.3.jar in the latest IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service repo where security vulnerability is not observed. CVE-2025-52999. Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTIO...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution (GHSA-5c6j-r48x-rmvq)
Summary Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. DesignerAuthoring operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in urllib3 (CVE-2026-21441, CVE-2025-66471)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-21441, CVE-2025-66471 reported for urllib3. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTT...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Semeru Runtime Quarterly CPU - Jan 2026
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188 of IBM Semeru Runtime Quarterly CPU - Jan 2026 Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service,...
Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)
Summary IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...
Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench is affected by a stack overflow that crashes the Node.js process (CVE-2026-32141)
Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-32141 DESCRIPTION: flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given...
Security Bulletin: IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities
Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002.
Summary IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be...
Security Bulletin: IBM Transformation Extender Advanced is affected by multiple Java vulnerabilities.
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine is affected by it's dependency in Java's multiple vulnerabilities. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable...
Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Master Data Management On Cloud Pak for Data
Summary Lineage, an internal component of IBM Knowledge Catalog, and the IBM Master Data Management formerly known as IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-2194...
Security Bulletin: AIX/VIOS Perl is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
Summary Vulnerabilities in Perl could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4, XMLExternalEntityParserCreate does n...
Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
Summary Vulnerabilities in Python could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4,...
Security Bulletin: IBM i is affected by multiple vulnerabilities in OpenSSL
Summary OpenSSL for IBM i is vulnerable to heap-based out-of-bounds write when parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters CVE-2025-15467, writing large, newline-free data into a BIO chain CVE-2025-68160, or calling PKCS12getfriendlyname functio...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to an access control security vulnerability in Ops server (CVE-2025-14031)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed access control security vulnerability Vulnerability Details CVEID:CVE-2025-14031 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway could allow an unauthenticated attacker to send a specially...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to an access control vulnerability in AFT web app ( CVE-2026-1264 )
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed access control security vulnerability Vulnerability Details CVEID:CVE-2026-1264 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway allows a remote unauthenticated attacker to view and delete the...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to spoofing vulnerabilty in MSSQL JDBC driver (CVE-2025-59250)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed MSSQL JDBC driver vulnerability Vulnerability Details CVEID:CVE-2025-59250 DESCRIPTION: Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...
Security Bulletin: CVE-2026-3856 found in IBM Db2 Recovery Expert for Linux, UNIX and Windows v5.5
Summary IBM Db2 Recovery Expert for Linux, UNIX and Windows could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission. Vulnerability Details ID: CVE-2026-3856 DESCRIPTION: IBM DB2 Recovery Expert for Linux, UNIX...
Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...
Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services before 4.6.20 shipped with IBM Cloud Pak for Business Automation iFixes for January 2026.
Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation January 2026 security fixes update this dependency to 4.6.20 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2022-23990 DESCRIPTION: Expat aka...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file (CVE-2026-1265)
Summary A vulnerability due to sensitive information written to a log file in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-1265 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to writing of sensitive Information in a log file. CWE:CWE-532:...
Security Bulletin: IBM i is affected by a denial of service vulnerability [CVE-2026-1376]
Summary IBM i is vulnerable to a denial of service using failed authentication connections due to improper allocation of resources CVE-2026-1376 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-1376 DESCRIPTION: IBM i could allow a remote attacker to cause a...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by cross-site scripting due to WebSphere Application Server Liberty
Summary WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of managing the lifecycle of Java servlets and client. CVE-2025-12635. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...
Security Bulletin: Race Condition in Eclipse Jersey (Versions 2.45, 3.0.16, 3.1.9) May Bypass Critical SSL Configurations and Compromise Secure Connections, affects watsonx.data
Summary In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by security bypass, denial of service, cross-site scripting and remote code execution vulnerabilities due to WebSphere Application Server Liberty
Summary WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of the web protection mechanism, interact with JSON data, authenticate and authorize client access for JMS messaging, manage the lifecycle of Java servlets and client, validation of user-suppli...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses urllib3 dependency which is vulnerable to CVE-2026-21441.
Summary IBM Maximo Application Suite - Visual Inspection Component uses urllib3 dependency which is vulnerable to CVE-2026-21441.This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034.
Summary IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66034 DESCRIPTION: fontTools is a library fo...
Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.313 Vulnerability Details CVEID:CVE-2025-49177 DESCRIPTION: A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a clie...
Security Bulletin: IBM Informix 12.10.xC16W6 updated to use the latest version of Java to address the Java vulnerabilities.
Summary IBM's Java version has been updated to 8.0.8.60 with Informix 12.10.xC16W6 to address multiple IBM Java vulnerabilities Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml, minimatch, and react-router
Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml CVE-2025-64718, minimatch CVE-2026-26996, CVE-2026-27903, CVE-2026-27904, react-router CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030. This has been addressed in the...
Security Bulletin: IBM Transformation Extender Advanced is affected by a IBM WebSphere Application Server Liberty vulnerability
Summary IBM WebSphere Application Server Liberty is used by IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine. Liberty has been updated to address CVE-2025-14923 which causes a weaker then expected security posture when using the Security Utility contained in...