Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
IbmRecent
RecentMost viewed

34926 matches found

IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 4:4 p.m.9 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 and CVE-2026-1188 Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...

9.8CVSS6.2AI score0.00089EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 2:17 p.m.10 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to...

8.8CVSS6.1AI score0.00258EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 1:36 p.m.8 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-470...

8.4CVSS7.5AI score0.00261EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 12:10 p.m.7 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All...

7.5CVSS5.7AI score0.00257EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 12:4 p.m.9 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...

7.5CVSS6.5AI score0.00257EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 8:47 a.m.9 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service

Summary IBM Event Streams is vulnerable to a denial of service due to improper buffer release in quarkus-resteasy. CVE-2025-1634 Vulnerability Details CVEID:CVE-2025-1634 DESCRIPTION: A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low...

7.5CVSS5.8AI score0.00462EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 8:45 a.m.7 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional which could provide weaker than expected security.

Summary The security issue described in CVE-2025-13333 has been identified in the WebSphere Application Server traditional included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

4.9CVSS5.4AI score0.00014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 8:44 a.m.9 views

Security Bulletin: IBM Event Streams is vulnerable to an OutOfMemoryError (CVE-2025-1948)

Summary IBM Event Streams is vulnerable to an OutOfMemoryError due to uncontrolled memory allocation in Jetty HTTP/2. Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 setting...

7.5CVSS7.4AI score0.00576EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 8:41 a.m.6 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to information disclosure (CVE-2025-68429)

Summary IBM Event Endpoint Management may be vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2025-68429 DESCRIPTION: Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior t...

7.3CVSS5.6AI score0.00013EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 8:0 a.m.10 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.(CVE-2025-36407)

Summary IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36407 DESCRIPTION: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...

6.5CVSS5.5AI score0.00036EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 7:45 a.m.22 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using certain functions in a query (CVE-2025-36366)

Summary IBM® Db2® could allow a user to cause a denial of service by executing a query that invokes the JSONObject scalar function, which may trigger an unhandled exception leading to abnormal server termination. Vulnerability Details CVEID:CVE-2025-36366 DESCRIPTION: IBM Db2 for Linux, UNIX and...

6.5CVSS5.5AI score0.00046EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 7:33 a.m.12 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Critical XXE in Apache Tika (CVE-2025-54988)

Summary IBM OpenPages for Cloud Pak for Data is Vulnerable to Apache Tika 1.13 through and including 3.2.1 on all platforms . These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 throu...

9.8CVSS5.5AI score0.00021EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 4:45 a.m.5 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2025-13333)

Summary IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and could provide weaker than expected security. Required fixes for affected WebSphere Application Server has been published in the security bulletin links below. Vulnerability Details Refer to th...

4.9CVSS5.3AI score0.00014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 4:39 a.m.10 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to kafka-clients

Summary IBM webMethods BPM uses kafka-clients.jar which is pulled in automatically as a dependency of webmethods event streaming library, Kafka-clients.jar provides Apache Kafka client APIs for producing and consuming messages. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: A security...

8.8CVSS7.6AI score0.94055EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 4:38 a.m.6 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to bc-fips

Summary IBM webMethods BPM uses bc-fips which is pulled in by webMethods Integration Server core for FIPS-compliant cryptographic operations. The BPM Process Engine relies on IS infrastructure for security but doesn't directly use Bouncy Castle APIs. Vulnerability Details CVEID:CVE-2025-8885...

6.3CVSS5.5AI score0.00121EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 4:37 a.m.10 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to log4j-core

Summary IBM webMethods BPM uses log4j-core for process instance-specific logging in the BPM Process Engine, creating individual log files for each process instance to track execution details, errors, and debugging information separately from the general system logs. Vulnerability Details...

8.5CVSS6.5AI score0.53591EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 4:35 a.m.5 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to kotlin-stdlib

Summary IBM webMethods BPM uses kotlin-stdlib in all Kotlin-based modules to provide core Kotlin language support and runtime utilities. Vulnerability Details CVEID:CVE-2020-29582 DESCRIPTION: In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation...

5.3CVSS8.4AI score0.00004EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/17 4:32 a.m.5 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to snappy-java

Summary IBM webMethods BPM uses snappy-java which is automatically pulled in by kafka-clients as a compression codec dependency. The project doesn't directly use Snappy; it's used internally by Kafka for efficient message compression when streaming events through webmethods's event streaming...

7.5CVSS5.5AI score0.01503EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 10:23 p.m.9 views

Security Bulletin: IBM Jazz Reporting Service (Lifecycle Query Engine - LQE) is affected by SPARQL Exposure and Denial‑of‑Service Vulnerabilities.

Summary Multiple vulnerabilities were identified in IBM Jazz Reporting Service Lifecycle Query Engine - LQE SPARQL endpoints that may allow information disclosure and service degradation by authenticated, lower‑privileged users with network access CVE-2025-27550, CVE-2025-2134, CVE-2025-1823...

3.5CVSS5.5AI score0.00017EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 10:5 p.m.9 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprice WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprice WebApps version 1.0.1 Vulnerability Details CVEID:CVE-2025-66567 DESCRIPTION: The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an...

9.3CVSS5.7AI score0.0005EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 3:12 p.m.14 views

Security Bulletin: File permission modification, improper access control, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to file permission modification, improper access control, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool for manipulating Python wheel files, ...

8.8CVSS8.9AI score0.00258EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 2:53 p.m.5 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-13333)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a weaker than expected security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the securit...

4.9CVSS5.5AI score0.00014EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 1:22 p.m.5 views

Security Bulletin: IBM webMethods Integration Server is vulnerable to HTML injection

Summary IBM webMethods Integration Sever is vulnerable to HTML injection in Security Claims UI. CVE-2025-14289. Vulnerability Details CVEID:CVE-2025-14289 DESCRIPTION: IBM webMethods Integration is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed...

5.4CVSS5.6AI score0.00044EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 12:33 p.m.13 views

Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)

Summary IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...

9.8CVSS5.5AI score0.01579EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 11:58 a.m.6 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to relative path traversal (CVE-2025-22873)

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to relative path traversal due to use of Golang module "os". This bulletin provides patch information to address the reported vulnerability in Golang module "os" CVE-2025-22873 Vulnerability Details...

3.8CVSS5.5AI score0.00004EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 9:23 a.m.16 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.4.0 Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by...

8.7CVSS7.2AI score0.00092EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 9:12 a.m.6 views

Security Bulletin: OpenSSL stack buffer overflow vulnerability affect IBM Cloud Pak System [CVE-2025-15467]

Summary Stack buffer overflow vulnerability in OpenSSL shipped with OS Image for Red Hat Enterprise Linux System affect IBM Cloud Pak System. Stack buffer overflow that can be exploited by a remote attacker to cause a Denial of Service DoS or potentially allow for remote code execution...

8.8CVSS7.3AI score0.02889EPSS
Exploits7Affected Software4
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 8:38 a.m.6 views

Security Bulletin: IBM Java Buffer overflow vulnerability affects IBM Cloud Pak System[CVE-2026-1188]

Summary IBM Java Buffer overflow vulnerability in Eclipse OMR port library affects IBM Cloud Pak System. Vulnerability was addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an AP...

9.8CVSS6.1AI score0.00025EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 5:39 a.m.13 views

Security Bulletin: Due to use of Apache Log4j, IBM Sterling Connect:Direct Web Services is affected by TLS hostname verification issue.

Summary Apache Log4j is used by IBM Sterling Connect:Direct Web Services CVE-2025-68161. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when...

6.3CVSS5.5AI score0.00029EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/16 5:36 a.m.6 views

Security Bulletin: Due to use of Rhino JAR , IBM Sterling Connect:Direct Web Services is affected by high CPU consumption and a potential Denial of Service issue.

Summary rhino-1.7R4.jar is used by IBM Sterling Connect:Direct Web Services CVE-2025-66453. Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an...

7.5CVSS5.6AI score0.00115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/13 8:51 a.m.9 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS7.4AI score0.00261EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/12 2:42 p.m.8 views

Security Bulletin: IBM Integration Designer is vulnerable to improper access control (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 )

Summary Vulnerability in the IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable...

7.5CVSS5.7AI score0.00089EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/12 2:34 p.m.11 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility (CVE-2025-1470, CVE-2025-1471)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 11 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-1470 DESCRIPTION: In...

7.8CVSS7.5AI score0.00105EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/12 10:35 a.m.25 views

Security Bulletin: Apache Lucene PRISMA-2021-0081 X-Force 216835 security vulnerability

Summary Apache Lucene PRISMA-2021-0081 X-Force 216835 security vulnerability in FileNet Content Manager FNCM Content Search Services CSS/Enterprise Content Management Text Search ECMTS. CSS/ECMTS is affected and is potentially vulnerable. Vulnerability Details Refer to the security bulletins list...

7.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/12 9:27 a.m.5 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-13333)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

4.9CVSS5.5AI score0.00014EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 8:17 p.m.17 views

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics

Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Local. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause no confidentiality impact, high integrity impac...

7.5CVSS8AI score0.54214EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 4:52 p.m.14 views

Security Bulletin: Multiple vulnerabilities in IBM Security QRadar EDR Software

Summary Multiple vulnerabilities were addressed in IBM Security QRadar EDR Software version 3.12.24 Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by readi...

8.9CVSS5.9AI score0.0004EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 4:23 p.m.7 views

Security Bulletin: IBM Security QRadar EDR Software has multiple vulnerabilities

Summary IBM Security QRadar EDR Software is affected by multiple vulnerabilities that could allow an attacker to perform cross-site scripting XSS attacks or exploit weak cryptographic algorithms to decrypt sensitive information. These vulnerabilities have been addressed in version 3.12.24...

8.8CVSS4.7AI score0.00096EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 4:16 p.m.5 views

Security Bulletin: A vulnerability in IBM Semeru Runtime affects z/Transaction Processing Facility

Summary There is a vulnerability in IBM® Semeru Runtime Certified Edition 11 and IBM® Semeru Runtime Certified Edition 21 that are used by the z/TPF system. z/TPF has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component sin...

9.8CVSS6AI score0.00025EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 11:56 a.m.9 views

Security Bulletin: IBM Event Processing is vulnerable to command injection vulnerability (CVE-2025-64756)

Summary IBM Event Processing is vulnerable to command injection vulnerability due to Glob matches files. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI...

7.5CVSS6.4AI score0.00025EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 10:28 a.m.11 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM shipped with IBM Buinses Automation Workflow (Januar 2026 CPU and CVE-2026-1188)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server in IBM Business Automtation Workflow traditional. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

9.8CVSS5.5AI score0.00025EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 9:57 a.m.11 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2026-24513, CVE-2026-1580, CVE-2026-24514, CVE-2026-24512)

Summary IBM Cloud Kubernetes Service is affected by multiple Kubernetes Ingress Controller security vulnerabilities. - A user with access to create or update Ingress objects can use the rules.http.paths.path Ingress field to inject configuration into nginx CVE-2026-24512 - The...

8.8CVSS5.6AI score0.00082EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 7:25 a.m.8 views

Security Bulletin: IBM Operational Decision Manager for January 2026 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-13465...

7.9CVSS6.6AI score0.00485EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 7:13 a.m.12 views

Security Bulletin: Multiple vulnerabilities in IBM webMethods Integration Server

Summary Multiple vulnerabilities were addressed in IBM webMethods Integration Server fixes. Vulnerability Details CVEID:CVE-2025-49128 DESCRIPTION: Jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. Starting in version...

9.8CVSS7.7AI score0.50829EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 4:43 a.m.8 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to denial-of-service due to IBM Java Runtime

Summary A buffer-overflow flaw in the OMR component of the OpenJ9 JVM may allow a local attacker to inflict a denial-of-service by inducing a JVM crash. IBM Sterling Secure Proxy has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port libra...

9.8CVSS6AI score0.00025EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/11 4:42 a.m.5 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to denial-of-service due to IBM Java Runtime

Summary A buffer-overflow flaw in the OMR component of the OpenJ9 JVM may allow a local attacker to inflict a denial-of-service by inducing a JVM crash. IBM Sterling External Authentication Server has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the...

9.8CVSS6AI score0.00025EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/10 8:43 p.m.10 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2025-53066 ,CVE-2025-53057]

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.5CVSS5.5AI score0.00068EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/10 5:7 p.m.14 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to uncontrolled recursion due to Apache Commons Lang.

Summary The methods ClassUtils.getClass... in Apache Commons Lang can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. IBM Sterling Secure Proxy has addressed the applicabl...

5.3CVSS5.5AI score0.00099EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/10 4:39 p.m.5 views

Security Bulletin: Authlib JOSE Denial of Service via Unbounded JWS or JWT Header and Signature Parsing, affects watsonx.data

Summary Authlib versions before 1.6.5 are vulnerable to a denial-of-service attack where oversized JWS/JWT headers or signatures consume excessive CPU and memory during parsing. The issue is fixed in 1.6.5, temporary mitigations include enforcing token size limits and request throttling. This can...

7.5CVSS5.6AI score0.00424EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2026/02/10 4:38 p.m.7 views

Security Bulletin: Starlette FileResponse Range Header Parsing DoS Vulnerability, affects watsonx.data

Summary Starlette versions 0.39.0–0.49.0 allow unauthenticated attackers to cause CPU exhaustion by sending crafted HTTP Range headers to file-serving endpoints. The issue is fixed in version 0.49.1. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-62727 DESCRIPTION: Starlette i...

7.5CVSS5.6AI score0.00068EPSS
Exploits0Affected Software1
Total number of security vulnerabilities34926