Lucene search
K

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:39 a.m.6 views

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in Jinja via xmlattr Filter Attribute Injection affects watsonx.data

Summary A vulnerability in Jinja allows attackers to inject arbitrary HTML attributes through the xmlattr filter, potentially bypassing escaping and validation mechanisms. This can lead to Cross-Site Scripting XSS in affected applications. This can affect watsonx.data. Vulnerability Details...

8.8CVSS7.2AI score0.00979EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:37 a.m.8 views

Security Bulletin: Denial-of-Service Vulnerability in WebAssembly Micro Runtime (WAMR) LLVM-JIT Mode (≤ v2.4.1) affects watsonx.data

Summary A vulnerability in WebAssembly Micro Runtime WAMR prior to v2.4.2 causes the runtime to hang or crash when executing WebAssembly programs with memory.fill instructions targeting addresses ≥ 2 GiB in LLVM-JIT mode. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-58749...

7.4CVSS5.8AI score0.00344EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:36 a.m.11 views

Security Bulletin: Local Out-of-Bounds Write Vulnerability in mruby ary_fill_exec Function (v3.4.0), affects watsonx.data

Summary A local vulnerability in mruby v3.4.0 allows out-of-bounds writes via the aryfillexec function when manipulating the start or length arguments. Exploits are publicly available, and applying the patch 93619f06dd378db6766666b30c08978311c7ec94 is recommended. This can affect watsonx.data...

7.8CVSS4.9AI score0.0024EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:4 a.m.10 views

Security Bulletin: Vulnerability in golang.org/x/crypto bundled with IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI and IBM Fusion Content-Aware Storage include golang.org/x/crypto which could cause early termination of client process. CVE-2025-47913. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response...

7.5CVSS5.9AI score0.00591EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 6:45 a.m.5 views

Security Bulletin: Certificate Name Constraints Algorithm Vulnerable to Non-Linear Processing DoS affects watsonx.data

Summary A flaw in the certificate name constraints checking algorithm can lead to non-linear processing time, allowing specially crafted certificate chains to cause excessive resource consumption and potential Denial-of-Service DoS. This can affect watsonx.data. Vulnerability Details...

7.5CVSS7.2AI score0.00384EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 6:44 a.m.11 views

Security Bulletin: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability (ZDI-CAN-21876), affects watsonx.data

Summary Ruby WEBrick is vulnerable to HTTP request smuggling via the readheader method due to inconsistent parsing of HTTP header terminators. Exploitation is possible when deployed behind certain HTTP proxies, allowing attackers to smuggle arbitrary HTTP requests. This can affect watsonx.data...

6.5CVSS6AI score0.00422EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 6:42 a.m.4 views

Security Bulletin: Highlight.js Prototype Pollution Vulnerability in Code Block Parsing, affects watsonx.data

Summary Highlight.js versions prior to 9.18.2 and 10.1.2 are vulnerable to prototype pollution via malicious HTML in user-supplied code blocks. This can cause unexpected application behavior or crashes, representing a potential DoS vector. This can affect watsonx.data. Vulnerability Details...

8.7CVSS5.9AI score0.01296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 1:7 a.m.5 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access OIDC Provider

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access OIDC Provider Vulnerability Details CVEID:CVE-2026-24051 DESCRIPTION: OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking...

7CVSS7.2AI score0.00157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 8:21 p.m.4 views

Security Bulletin: Vulnerabilities in Glob might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Glob. The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names as described by the CVEs in the...

7.5CVSS7.1AI score0.03026EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 8:13 p.m.10 views

Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Premium Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any proje...

9.4CVSS7.4AI score0.01735EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 7:42 p.m.4 views

Security Bulletin: This Power System update is being released to address CVE-2025-38556

Summary The affects the Universal Serial Bus USB ports of the system's management interface. Vulnerability Details CVEID:CVE-2025-38556 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzz...

7.1CVSS5.9AI score0.0015EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 7:41 p.m.4 views

Security Bulletin: This Power System update is being released to address CVE-2025-38556

Summary This affects the system management Universal Serial Bus USB interface. Vulnerability Details CVEID:CVE-2025-38556 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton against conversion to 0 bits Testing by the syzbot fuzzer showed that...

7.1CVSS5.9AI score0.0015EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 5:7 p.m.8 views

Security Bulletin: Due to use of Apache Tika, IBM Operations Analytics - Log Analysis is affected by XML External Entity (XXE) vulnerability

Summary Apache Tika in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the extraction of text and metadata from uploaded documents so they can be indexed and searched through Solr's ExtractingRequestHandler. CVE-2025-54988, CVE-2025-66516 Vulnerability Details...

9.8CVSS7AI score0.79807EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:51 p.m.9 views

Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.

Summary IBM ApplinX has been updated in order to address multiple vulnerabilities CVE-2026-27970, CVE-2026-29063, CVE-2025-68161, CVE-2026-27830, CVE-2024-31033, CVE-2026-33671, CVE-2026-33672, CVE-2026-32635, CVE-2025-66035, CVE-2025-66412, CVE-2026-22610, WS-2026-0003. Vulnerability Details...

9.8CVSS7AI score0.00978EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:23 p.m.11 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.22 LTS and 13.0.0 address the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

9.1CVSS7.7AI score0.03782EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:20 p.m.3 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution (CVE-2026-29063)

Summary IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in node.js module immutable CVE-2026-29063 Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js...

9.8CVSS6.1AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:17 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to path traversal (CVE-2026-29087) and timing oracle attacks (GHSA-gq3j-xvxp-8hrf)

Summary Node.js module hono is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to path traversal CVE-2026-29087 and timing oracle attacks GHSA-gq3j-xvxp-8hrf. This bulletin provides patch information to address the...

7.5CVSS5.8AI score0.00327EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:17 p.m.6 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service (CVE-2026-30922)

Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Python module pyasn1 CVE-2026-30922 Vulnerability Details...

7.5CVSS6.6AI score0.0058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:16 p.m.9 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator is vulnerable to denial of service (CVE-2026-25518)

Summary Golang module cert-manager/cert-manager is used by IBM App Connect Enterprise Certified Container for interacting with the Kubernetes cluster cert-manager. IBM App Connect Enterprise Certified Container operator is vulnerable to denial of service. This bulletin provides patch information ...

5.9CVSS5.8AI score0.00349EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:14 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site-scripting (CVE-2025-15599, CVE-2026-0540) and loss of confidentiality (CVE-2025-68470, CVE-2026-22029)

Summary Node.js modules DomPurify and React Router are used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site-scripting CVE-2025-15599, CVE-2026-0540 and loss of confidentiality CVE-2025-68470,...

8CVSS6.4AI score0.0077EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:13 p.m.9 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality (CVE-2026-27959)

Summary Node.js module Koa is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Node.js modu...

8.2CVSS5.9AI score0.00334EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:9 p.m.10 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service due to vulnerabilities in Node.js dependencies

Summary Node.js is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerabilities in Node.js modules ajv CVE-2025-69873, axios...

8.7CVSS6.7AI score0.02591EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 4:7 p.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-64718)

Summary Node.js module js-yaml is used by IBM App Connect Enterprise Certified Container for parsing YAML data. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...

5.3CVSS6.3AI score0.00378EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 3:44 p.m.3 views

Security Bulletin: DevOps Test Performance contains a vulnerabilty related to use of the qs library

Summary Due to the use of the qs library, DevOps Test Performance and Rational Performance Tester contain a potential denial-of-service vulnerability. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when...

7.5CVSS6.4AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 3:38 p.m.4 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the DOMPurify library

Summary Due to the use of the DOMPurify library, DevOps Test Performance and Rational Performance Tester contain a cross-site scripting XSS vulnerability CVE-2025-15599, CVE-2026-0540 Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8...

6.1CVSS5.9AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 3:30 p.m.6 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the @appium/support package

Summary Due to the use of the @appium/support package, DevOps Test Performance and Rational Performance Tester contain a potential path traversal vulnerability CVE-2026-30973, Vulnerability Details CVEID:CVE-2026-30973 DESCRIPTION: Appium is an automation framework that provides WebDriver-based...

6.5CVSS6AI score0.00388EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 2:15 p.m.2 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a prototype pollution vulnerability in the immutable library with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1,...

9.8CVSS5.9AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 2:12 p.m.8 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a prototype pollution vulnerability in the immutable library with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1,...

9.8CVSS5.9AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 2:11 p.m.6 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a prototype pollution vulnerability in the immutable library with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1,...

9.8CVSS5.9AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 1:55 p.m.11 views

Security Bulletin: EDB PGAI Databases is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in EDB PGAI Databases 18.0. It has been addressed in 18.2. Hence, IBM strongly recommends upgrading to 18.2. Vulnerability Details CVEID:CVE-2021-25317 DESCRIPTION: A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterpri...

9.3CVSS6.2AI score0.02227EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 1:52 p.m.4 views

Security Bulletin: EDB PGAI Hybrid Management with IBM is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in EDB PGAI products - 1 EDB PGAI AI Factory with IBM 1.3.0, 2 EDB PGAI Analytics Accelerator 1.3.0, and 3 EDB PGAI Hybrid Data Management 1.3.0. The vulnerabilities have been addressed in 1.3.4 version. Hence, IBM strongly recommends upgrading to 1.3.4...

9.1CVSS7.2AI score0.73495EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 11:4 a.m.6 views

Security Bulletin: Unbounded Memory Allocation in Go tar package When Processing Sparse Files, affects watsonx.data

Summary Go tar package's tar.Reader does not limit the number of sparse region blocks in GNU tar pax 1.0 sparse files. Malicious archives with many sparse regions can trigger excessive memory allocation, potentially causing memory exhaustion, even from small compressed inputs. This can affect...

4.3CVSS7AI score0.00419EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 11:3 a.m.8 views

Security Bulletin: Integer Overflow Leading to Packet Corruption in Eclipse Paho Go MQTT, affects watsonx.data

Summary Eclipse Paho Go MQTT version 1.5.0 contains an integer overflow issue when handling UTF-8 strings longer than 65535 bytes. Improper length conversion can cause malformed MQTT packets, potentially leading to data leakage between fields e.g., topic data leaking into message body. This can...

6.3CVSS7.1AI score0.00197EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 11:2 a.m.3 views

Security Bulletin: SQL Injection Vulnerability in Apache Hive Metastore Server Thrift APIs, affects watsonx.data

Summary Apache Hive versions 4.1.0 before 4.2.0 are vulnerable to SQL injection in Hive Metastore Server when handling delete column statistics via Thrift APIs. Exploitation is limited to authorized users with API access. Upgrading to 4.2.0 or disabling direct SQL metastore.try.direct.sql=false...

5.4CVSS5.9AI score0.00343EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 11:1 a.m.4 views

Security Bulletin: Memory Exhaustion Vulnerability in quic-go HTTP/3 Header Processing, affects watsonx.data

Summary quic-go versions 0.56.0 and below are vulnerable to memory exhaustion via specially crafted QPACK-encoded HEADERS frames. Insufficient limits on decoded header sizes allow attackers to trigger excessive memory allocation. This issue is fixed in version 0.57.0. This can affect watsonx.data...

5.3CVSS7.1AI score0.00325EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 11:0 a.m.3 views

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in data-target Attribute Handling in Bootstrap, affects watsonx.data

Summary A Cross-Site Scripting XSS vulnerability in Bootstrap versions before 3.4.0 and 4.0.0-beta.2 allows attackers to inject malicious code via the data-target attribute due to improper input handling. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2016-10735 DESCRIPTION: In...

6.4CVSS6.5AI score0.1686EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 10:59 a.m.6 views

Security Bulletin: Memory Exhaustion via Excessive Cookies in HTTP Servers, affects watsonx.data

Summary HTTP servers may be vulnerable to memory exhaustion because, while HTTP headers have a 1MB limit, there is no limit on the number of cookies parsed. An attacker can send many small cookies e.g., a=; to trigger excessive memory allocation, potentially leading to high memory usage or...

5.3CVSS7.1AI score0.00534EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 10:58 a.m.9 views

Security Bulletin: TOCTOU Symlink Vulnerability in filelock, affects watsonx.data

Summary filelock versions prior to 3.20.1 are vulnerable to a Time-of-Check-Time-of-Use TOCTOU race condition. Local attackers can exploit this via symlinks to corrupt or truncate arbitrary files during lock creation on Unix, Linux, macOS, and Windows. The issue is fixed in version 3.20.1; partia...

6.5CVSS7.3AI score0.00184EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 10:58 a.m.4 views

Security Bulletin: tCRLF Injection Vulnerability in Netty HttpRequestEncoder Leading to Request Smuggling, affects watsonx.data

Summary Netty versions prior to 4.1.129.Final and 4.2.8.Final are vulnerable to CRLF injection in HttpRequestEncoder, allowing request smuggling if URIs are not properly sanitized. The issue is fixed in versions 4.1.129.Final and 4.2.8.Final. This can affect watsonx.data. Vulnerability Details...

6.5CVSS6.6AI score0.00292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 7:8 a.m.19 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.7.0 Vulnerability Details CVEID:CVE-2025-14009 DESCRIPTION: A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The unzipiter function in...

10CVSS7.7AI score0.03026EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 6:34 p.m.7 views

Security Bulletin: IBM Maximo Application Suite uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205.

Summary IBM Maximo Application Suite uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber...

4.3CVSS4.8AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 6:21 p.m.4 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Information Disclosure, Buffer Overflow and Denial of Service (DoS) due to Java JSON library ('Jackson')

Summary Jackson is used in Apache Solr, Apache ZooKeeper, and Logstash by IBM Operations Analytics - Log Analysis as part of parsing, generating, or serialising JSON data as part of their request handling, configuration processing, or structured logging workflows. CVE-2025-49128, CVE-2025-52999,...

8.7CVSS6.8AI score0.00634EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 5:55 p.m.13 views

Security Bulletin: Due to use of Netty, IBM Operations Analytics - Log Analysis is affected by denial of service, information disclosure, and HTTP request smuggling

Summary Netty in Apache ZooKeeper and Logstash is used by IBM Operations Analytics - Log Analysis as part of the client/server network transport layer, and network-related plugins for protocol and event transport. CVE-2014-0193, CVE-2014-3488, CVE-2015-2156, CVE-2019-20444, CVE-2024-47535,...

9.1CVSS6.8AI score0.08914EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 5:40 p.m.9 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service (DoS), server-side request forgery (SSRF) protections, leak or corrupt request data, and security by-pass due to the use of Eclipse Jetty

Summary Eclipse Jetty in Apache Solr, and Apache ZooKeeper is used by IBM Operations Analytics - Log Analysis as Solr's HTTP endpoints and admin UI, and on Zookeeper as AdminServer HTTP interface. CVE-2024-8184, CVE-2024-6763, CVE-2024-13009, CVE-2025-11143 Vulnerability Details CVEID:CVE-2024-81...

7.2CVSS6.9AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 5:29 p.m.5 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerability in Lodash (CVE-2025-13465)

Summary SPSS Collaboration and Deployment Services is affected by vulnerability in Lodash CVE-2025-13465. As documented in the remediation section, the vulnerability has been mitigated through removal of the vulnerable Lodash library and application of the recommended remediation measures...

8.2CVSS6.3AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 5:16 p.m.15 views

Security Bulletin: Investigation Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-27628 DESCRIPTION: pypdf i...

8.7CVSS7.4AI score0.0077EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 5:12 p.m.5 views

Security Bulletin: IBM OpenAPI SDK Generator (Node.js) is affected by the Axios supply chain attack

Summary Due to an Axios supply chain attack, a fix for IBM Node.js SDK Core https://github.com/IBM/node-sdk-core was made available on April 2, 2026 21:03 UTC to mitigate the attack. If you used a previous version there is a possibility the affected Axios package could have been available on your...

6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 4:27 p.m.19 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in DOMPurify (CVE-2025-15599, CVE-2026-0540)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in DOMPurify CVE-2025-15599, CVE-2026-0540. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a...

6.1CVSS5.9AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 2:33 p.m.7 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by potential data integrity and denial of service due to Apache POI

Summary Apache POI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of extracting text and metadata from document files. CVE‑2022‑26336, CVE‑2025‑31672 Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue...

5.5CVSS6.5AI score0.0152EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 2:27 p.m.6 views

Security Bulletin: IBM Maximo Application Suite uses python-ldap-3.4.4.tar.gz, werkzeug-3.1.4-py3-none-any.whl and werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-61911, CVE-2025-61912, CVE-2026-27199 and CVE-2026-21860.

Summary IBM Maximo Application Suite uses python-ldap-3.4.4.tar.gz, werkzeug-3.1.4-py3-none-any.whl and werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-61911, CVE-2025-61912, CVE-2026-27199 and CVE-2026-21860. This bulletin contains information regarding the vulnerability and its...

6.9CVSS6.4AI score0.00556EPSS
Exploits3Affected Software1
Total number of security vulnerabilities35596