35598 matches found
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp package
Summary Due to use of the path-to-regexp package, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression is generated any time you...
Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)
Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application CVE-2026-1002 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler...
Security Bulletin: Due to use of Google Protocol Buffers, IBM Operations Analytics – Log Analysis is affected by denial of service.
Summary Google Protocol Buffers in Apache Solr is used by IBM Operations Analytics – Log Analysis as part of the data serialization and communication between services. CVE-2021-22570. Vulnerability Details CVEID:CVE-2021-22570 DESCRIPTION: Nullptr dereference when a null char is present in a prot...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a specific "Gadget" attack chain and proxy bypass and SSRF vulnerabilities due to Node js module axios (CVE-2025-62718 & CVE-2026-40175)
Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to a specific "Gadget" attack chain and proxy bypass and SSRF vulnerabilities due to Node js module axios. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios ...
Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2024-29371).
Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2024-29371. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before...
Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard.
Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2024-29371. IBM WebSphere Liberty has been updated within IBM CICS TX Standard to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before...
Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2024-29371).
Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2024-29371. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In...
Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management
Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF19 patch. Vulnerability Details CVEID:CVE-2022-39135 DESCRIPTION: Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE do not restrict XML Extern...
Security Bulletin: IBM Storage Protect Operations Center is affected by vulnerabilities in the dojo-profile library that could allow prototype pollution or improper handling of crafted PNG inputs (CVE-2021-23450, CVE-2008-6681, CVE-2010-2273).
Summary IBM Storage Protect Operations Center uses the dojo-profile library in certain components. Vulnerabilities in this library may allow prototype pollution or improper handling of specially crafted PNG files, which could lead to memory corruption or denial-of-service conditions in applicatio...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in commons-io library
Summary Vulnerabilities have been identified in commons-io library, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache-Velocity library
Summary Vulnerabilities have been identified in Apache-Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java cod...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Eclipse IDE versions
Summary Vulnerabilities have been identified in Eclipse IDE versions before 2023-09 4.29, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: In Eclipse IDE versions 2023-09 4.29 some files with xml content are...
Security Bulletin: IBM Engineering Lifecycle Management - Engineering Test Management is impacted by vulnerabilities in Apache PDFBox
Summary Vulnerabilities have been identified in Apache PDFBox, which is used in IBM Engineering Lifecycle Management - Engineering Test Management Vulnerability Details CVEID:CVE-2021-27807 DESCRIPTION: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of Resources in net/textproto [CVE-2025-61724]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Allocation of Resources in net/textproto, due to an issue in the Reader.ReadResponse function which can cause excessive CPU consumption CVE-2025-61724. Net/textproto is used in our speech utilities. This vulnerabilitiy has bee...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Improper Input Validation due to Apache Tomcat ( CVE-2026-24734 )
Summary IBM Integration Bus for z/OS is vulnerable to Improper Input Validation due to Apache Tomcat. Vulnerability Details CVEID:CVE-2026-24734 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native and Tomcat's FF...
Security Bulletin: Denial of service, security controls bypass, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to denial of service, security controls bypass, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-69277 DESCRIPTION: libsodium before ad3004e, in atypical use cases involving certain custom...
Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...
Security Bulletin: DevOps Test Performance contains a vulnerability due to use of Spring Boot
Summary Due to use of Spring Boot, DevOps Test Performance and Rational Performance Tester contain a potential authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass"...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Framework MVC and WebFlux
Summary Due to use of Spring Framework MVC and WebFlux, DevOps Test Performance and Rational Performance Tester contain a potential stream corruption vulnerability. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to stream corruption when...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jackson-core library
Summary Due to use of the jackson-core library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use Apache CXF
Summary Due to use of Apache CXF, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server
Summary Due to use of the Undertow web server, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-9784 DESCRIPTION: A flaw was found in Undertow where malformed client requests can trigger server-si...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Apache Commons Lang
Summary Due to use of Apache Commons Lang, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apach...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in Node.js
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to multiple vulnerabilities in Node.js and LangChain. CVE-2026-2359, CVE-2026-3304, CVE-2026-3520, CVE-2026-29063, CVE-2026-24001, CVE-2025-69873, CVE-2026-31808. The vulnerabilities have been addressed. Vulnerability Detail...
Security Bulletin: ELM on Hybrid Cloud vulnerabilities addressed in 2.0.0
Summary This release addresses security vulnerabilities in application and operator images of ELM on Hybrid cloud offering. Identified vulnerabilities identified below relate to the underlying OS packages and language dependencies which impacts the product within the deployed environment. One of...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Arbitrary Code Injection due to Node js module jsonpath (CVE-2026-1615)
Summary IBM App Connect Enterprise runtime is vulnerable to Arbitrary Code Injection due to Node js module jsonpath. Vulnerability Details CVEID:CVE-2026-1615 DESCRIPTION: Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-suppli...
Security Bulletin: The IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)
Summary WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 with the restConnector-1.0 or restConnector-2.0 feature enabled is affected by a remote code execution vulnerability. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM Engineering Test Management are affected by cross-site scripting (CVE-2025-12635)
Summary IBM WebSphere Application Server is affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. Following IBM® Engineering Lifecycle Management...
Security Bulletin: IBM Engineering Lifecycle Management products using IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by cross-site scripting (CVE-2025-12635)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled, due to improper validation of user-supplied input. An attacker could...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)
Summary IBM WebSphere Application Server Liberty with versions ranging 17.0.0.3 - 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it ha...
Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty may be affected by a denial of service due to jose4j (CVE-2024-29371)
Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and WebSphere Application Server Liberty. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test...
Security Bulletin: Security vulnerability has been found in IBM Security Verify Directory (Container) used by IBM Security Verify Governance Identity Manager Adapters
Summary IBM Security Verify Governance Identity Manager Adapters uses IBM Security Verify Directory Container. Information about security vulnerability affecting IBM Security Verify Directory Container has been published in security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: Multiple vulnerabilities in IBM Tivoli Network Configuration Manager IP Edition (ITNCM)
Summary Multiple vulnerabilities were addressed in ITNCM version 6.4.2 Fix Pack 24 6.4.2.24 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server, which impacts IBM Tivoli Netcool Configuration Manager
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Multiple vulnerabilities were addressed in IBM WebSphere Application Server CVE-2024-29371,CVE-2025-13333. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Spring Framework
Summary Due to use of the Spring Framework, DevOps Test Performance and Rational Performance Tester contain a potential path traversal vulnerability. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Netty framework
Summary Due to use of the Netty framework, DevOps Test Performance and Rational Performance Tester contain a potential HTTP request smuggling vulnerability. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the brace-expansion Node.js library
Summary Due to use of the brace-expansion Node.js library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-33750 DESCRIPTION: The brace-expansion library generates arbitrary strings containing a...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of yaml JavaScript library
Summary Due to use of the yaml JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-33532 DESCRIPTION: yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document...
Security Bulletin: Due to use of spring-webmvc-6.2.16.jar, IBM Sterling Connect:Direct Web Services is affected by disclosure of content from files outside the configured locations for script template views.
Summary spring-webmvc-6.2.16.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22737. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosur...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Undertow web server library
Summary Due to use of the Undertow web server library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-3260 DESCRIPTION: A flaw was found in Undertow. A remote attacker could exploit this...
Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of the Lodash JavaScript library
Summary Due to use of the Lodash JavaScript library, DevOps Test Performance and Rational Performance Tester contain potential Prototype Pollution and Arbitrary Code Injection vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...
Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of the Lodash JavaScript library
Summary Due to use of the Lodash JavaScript library, DevOps Test Performance and Rational Performance Tester contain potential Arbitrary Code Injection and Prototype Pollution vulnerabilities. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jakarta.mail library
Summary Due to use of the jakarta.mail library, DevOps Test Performance and Rational Performance Tester contain a potential SMTP injection vulnerability. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the xmldom JavaScript library
Summary Due to use of the xmldom JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential XML injection vulnerability. Vulnerability Details CVEID:CVE-2026-34601 DESCRIPTION: xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Security
Summary Due to use of Spring Security, DevOps Test Performance and Rational Performance Tester contain a vulnerability that can potentially result in clickjacking, XSS, and sensitive data exposure via caching. CVE-2026-22732 Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When application...
Security Bulletin: DevOps Test Performance contains vulnerabilities related to use of the lodash library
Summary Due to use of the lodash library, DevOps Test Performance and Rational Performance Tester contain vulnerabilities that can result in Denial of Service DoS or potential Remote Code Execution RCE. Vulnerability Details CVEID:CVE-2018-16487 DESCRIPTION: A prototype pollution vulnerability wa...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the form-data libary
Summary Due to use of the form-data library, DevOps Test Performance and Rational Performance Tester contain a potential HTTP Parameter Pollution HPP vulnerability CVE-2025-7783. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in axios
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in axios. CVE-2026-25639 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to openid4java
Summary IBM webMethods BPM uses openid4java to implement OpenID-based authentication Vulnerability Details CVEID:CVE-2011-4314 DESCRIPTION: message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before...
Security Bulletin: Due to use of jackrabbit-spi-commons IBM webMethods BPM is vulnerable to loading privileges using unsecured document build
Summary IBM webMethods BPM is using jackrabbit-spi-commons which is affected by a known vulnerability CVE-2025-53689. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-58782 DESCRIPTION: Deserialization of Untrusted Data vulnerability i...