Lucene search
K

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 1:59 p.m.3 views

Security Bulletin: Maximo AI Service uses werkzeug-3.1.5-py3-none-any.wh which is vulnerable to CVE-2026-27199.

Summary Maximo AI Service uses werkzeug-3.1.5-py3-none-any.wh which is vulnerable to CVE-2026-27199. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library...

6.3CVSS6.5AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 1:58 p.m.6 views

Security Bulletin: Maximo AI Service uses qs-6.14.1.tgz and flask-3.0.3-py3-none-any.whl which is vulnerable to CVE-2026-2391 and CVE-2026-27205.

Summary Maximo AI Service uses qs-6.14.1.tgz and flask-3.0.3-py3-none-any.whl which is vulnerable to CVE-2026-2391 and CVE-2026-27205. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit opti...

7.5CVSS6.4AI score0.00478EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 1:37 p.m.5 views

Security Bulletin: Due to the use of Logback, IBM Operations Analytics - Log Analysis is affected by Server‑Side Request Forgery (SSRF), and arbitrary code is being executed.

Summary Logback in Apache Zookeeper is used by IBM Operations Analytics - Log Analysis as part of the logging implementation. CVE-2024-12798, CVE-2024-12801. Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including...

5.9CVSS7AI score0.00404EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 1:27 p.m.6 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by insufficiently privileged clients to execute snapshot and restore commands due to Apache Zookeeper

Summary Apache Zookeeper in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the coordination and configuration management backbone for SolrCloud. CVE-2025-58457. Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer le...

4.3CVSS7AI score0.00294EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 12:34 p.m.6 views

Security Bulletin: Vulnerabilities in llama_index_core bundled with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes llamaindexcore which could allow Denial of Service DoS, steal proprietary models, poison cached embeddings, conduct symlink attacks. CVE-2025-5472, CVE-2024-12911, CVE-2024-12704, CVE-2025-5302, CVE-2025-7647. Vulnerability...

8.6CVSS7AI score0.00761EPSS
Exploits3Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 12:28 p.m.10 views

Security Bulletin: IBM DataPower Gateway potentially affected by multiple vulnerabilities in JRE

Summary While IBM DataPower Gateway does not itself use Java and is therefore not vulnerable to these CVEs, some bundled components do, hence the JRE has been updated to address the listed issues Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service,...

9.8CVSS6.7AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 12:27 p.m.6 views

Security Bulletin: IBM DataPower Gateway affected by potential memory corruption

Summary This kernel CVE may cause crashes or memory corruption. Vulnerability Details CVEID:CVE-2025-39971 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when...

6.2AI score0.00193EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 12:24 p.m.4 views

Security Bulletin: IBM DataPower Gateway vulnerable to Prototype Pollution

Summary The affected package is used by the DataPower UI Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, Prototype Pollution is possible in immutable via the mergeDeep, mergeDeepWit...

9.8CVSS7.1AI score0.00978EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 12:20 p.m.6 views

Security Bulletin: IBM DataPower Gateway affected by integer overflow in OS kernel

Summary This flaw may affect TCP networking. Vulnerability Details CVEID:CVE-2022-50865 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in struct sock is int, and in...

6.2AI score0.00168EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 11:24 a.m.7 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.3.1 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject...

7.5CVSS5.2AI score0.00613EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:57 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses python_multipart-0.0.21-py3-none-any.whl which is vulnerable to CVE-2026-24486

Summary IBM Maximo Application Suite - Visual Inspection component uses pythonmultipart-0.0.21-py3-none-any.whl which is vulnerable to CVE-2026-24486 This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24486 DESCRIPTION:...

8.6CVSS6AI score0.02228EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:17 a.m.2 views

Security Bulletin: There is a vulnerability in lodash-4.17.21.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-13465)

Summary There is a vulnerability in lodash-4.17.21.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An...

8.2CVSS5.9AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:16 a.m.8 views

Security Bulletin: There is a vulnerability in cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-26007)

Summary There is a vulnerability in cryptography-46.0.3-cp311-abi3-manylinux234x8664.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes...

8.2CVSS5.9AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:16 a.m.5 views

Security Bulletin: There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-27199)

Summary There is a vulnerability in werkzeug-3.1.5-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin...

6.3CVSS5.8AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:16 a.m.10 views

Security Bulletin: There is a vulnerability in pyasn1-0.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-30922)

Summary There is a vulnerability in pyasn1-0.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-30922 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Deni...

7.5CVSS5.9AI score0.0058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:16 a.m.4 views

Security Bulletin: There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-68161)

Summary There is a vulnerability in log4j-core-2.17.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS5.9AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 10:0 a.m.9 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana within Instana Agent container image build 1.0.315 Vulnerability Details CVEID:CVE-2026-23949 DESCRIPTION: jaraco.context, an open-source software package that provides some useful decorators and context managers, h...

8.6CVSS6.2AI score0.00527EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 7:23 a.m.5 views

Security Bulletin: Denial of Service Vulnerability in c-ares Resolver (Versions 1.32.3–1.34.5), affects watsonx.data

Summary c-ares versions 1.32.3–1.34.5 contain a flaw where certain DNS queries may terminate prematurely after maximum retry attempts, potentially leading to a Denial of Service. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-62408 DESCRIPTION: c-ares is an asynchronous resolv...

5.9CVSS5.9AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 6:44 a.m.8 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that...

7.5CVSS5.9AI score0.02591EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 6:30 a.m.16 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig...

7.5CVSS5.9AI score0.02591EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 6:9 a.m.2 views

Security Bulletin: Security Vulnerabilities were found in IBM Semeru Runtime Certified Edition provided with IBM Security Verify Directory (CVE-2025-53066, CVE-2025-53057)

Summary Security Vulnerabilities were addressed in IBM Semeru Runtime Certified Edition provided with IBM Security Verify Directory Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause...

7.5CVSS5.9AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 6:6 a.m.4 views

Security Bulletin: Vulnerability in libssh library (CVE-2025-5372) affects Power HMC.

Summary The libssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-5372 DESCRIPTION: A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible...

8.8CVSS6.6AI score0.00407EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 9:37 p.m.9 views

Security Bulletin: IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file

Summary IBM Langflow Desktop supports retrieval-augmented generation RAG workflows through its FAISS Vector Store component, which loads persisted vector indexes and associated metadata from disk. A vulnerability in the FAISS component arises from unsafe deserialization of Python Pickle files,...

8.8CVSS6.7AI score0.00466EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 9:1 p.m.4 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability (CVE-2025-14915)

Summary IBM WebSphere Application Server Liberty is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details CVEID:CVE-2025-14915 DESCRIPTION: IBM WebSphere Application Server Liberty is affected by privilege escalatio...

7.2CVSS5.8AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 8:59 p.m.2 views

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14917)

Summary IBM WebSphere Application Server Liberty could provide weaker than expected security administering security settings when the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or appSecurity-5.0 feature is enabled. Vulnerability Details CVEID:CVE-2025-14917 DESCRIPTION: I...

9.8CVSS5.9AI score0.00355EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 8:36 p.m.5 views

Security Bulletin:IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint (CVE-2025-13855).

Summary IBM Storage Protect Server provides a JSON-RPC endpoint through which authenticated users can execute backend SQL SELECT queries and access data from internal database tables, potentially exposing administrative metadata. Vulnerability Details CVEID:CVE-2025-13855 DESCRIPTION: IBM Storage...

8.8CVSS6.1AI score0.00253EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 4:3 p.m.4 views

Security Bulletin: Due to use of Apache Commons Lang, IBM Operations Analytics - Log Analysis is affected by Uncontrolled Recursion Vulnerability

Summary Apache Commons Lang in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the core utility such as string manipulation, object utilities, and class utilities. CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerabilit...

5.3CVSS5.8AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 4:0 p.m.11 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Apache Tika

Summary Multiple vulnerabilities in Apache Tika that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an...

9.8CVSS7.1AI score0.79807EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 3:55 p.m.7 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

Summary IBM Operations Analytics – Log Analysis is affected by weaknesses in its Backend Authentication and Session Management module—used as part of its login mechanism—which exposes the product to improper authentication risks, including weak password policy enforcement and insufficient account...

9.8CVSS5.9AI score0.0036EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/03 12:35 p.m.4 views

Security Bulletin: IBM Security Verify Directory (Container) is affected by a vulnerability in the setuptools package (CVE-2025-47273)

Summary A vulnerability in the setuptools package used by IBM Security Verify Directory Container has been addressed Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path...

8.8CVSS6.5AI score0.01479EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 10:0 p.m.9 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Management GUI and/or system health monitoring are now fixed in 5.2.3.7 or higher and 6.0.0.2 or higher

Summary The following vulnerabilities, which can affect IBM Storage Scale Management GUI and/or system health monitoring and could provide weaker-than-expected security, are now fixed in Storage Scale 5.2.3.7 or higher or 6.0.0.2 or higher. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION:...

9.1CVSS6.9AI score0.01535EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 9:55 p.m.3 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by server-side request forgery (CVE-2026-1561)

Summary IBM WebSphere Application Server Liberty is affected by server-side request forgery with the samlWeb-2.0 feature enabled. Vulnerability Details CVEID:CVE-2026-1561 DESCRIPTION: IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery SSRF. This may allow remot...

5.4CVSS5.9AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 9:53 p.m.10 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Validation of Specified Index, Position, or Offset in Input in zipfile (CVE-2025-8291)

Summary zipfile is used by IBM Storage Ceph. CVE-2025-8291 This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details CVEID:CVE-2025-8291 DESCRIPTION: The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator...

4.3CVSS6.5AI score0.00353EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 6:43 p.m.5 views

Security Bulletin: IBM i is Affected by Use of Hard-coded Cryptographic Key, Cross-site Scripting, and Prototype Pollution Vulnerabilities in IBM WebSphere Application Server Liberty [CVE-2025-14923, CVE-2025-12635, CVE-2026-29063]

Summary IBM WebSphere Application Server Liberty for IBM i is vulnerable to providing weaker than expected security CVE-2025-14923, improper validation of user-supplied input CVE-2025-12635, and improperly controlled modification of object prototype attributes in the Immutable package...

9.8CVSS5.7AI score0.00978EPSS
Exploits1Affected Software6
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 6:41 p.m.5 views

Security Bulletin: IBM Copy Services Manager may be affected by multiple vulnerabilities due to IBM SDK Quarterly CPU - Jan 2026

Summary Multiple Vulnerabilities were disclosed as part of the JAVA SE January 2026 Patch Update. Although likelihood of these issues being exploited is very low, IBM Copy Services Manager frequently updates product stack to ensure the utmost security is maintained. Vulnerability Details Refer to...

7.5CVSS6.8AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 3:45 p.m.3 views

Security Bulletin: IBM Langflow Desktop Axios Denial of Service

Summary Axios is used by IBM Langflow Desktop as part of its HTTP communication functionality in Node.js environments, enabling it to send and receive network requests to external services and APIs. A vulnerability in Axios affects how data: scheme URLs are handled by its Node.js HTTP adapter,...

7.5CVSS6.8AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 3:42 p.m.8 views

Security Bulletin: IBM Langflow Desktop Symlink Validation Bypass

Summary tar-fs is used by IBM Langflow Desktop as part of its archive extraction and file handling functionality through Node.js dependencies. A vulnerability in tar-fs affects how symbolic links are validated during extraction, allowing a crafted tarball to bypass symlink protections when the...

8.7CVSS6.6AI score0.00516EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 3:9 p.m.3 views

Security Bulletin: Inefficient Regex Complexity Vulnerability in brace-expansion Library (CVE-style Security Advisory), affects watsonx.data

Summary A vulnerability in the brace-expansion library versions up to 1.1.11, 2.0.1, 3.0.0, and 4.0.0 affects the expand function, allowing specially crafted input to trigger inefficient regular expression processing. This can lead to excessive CPU usage ReDoS, potentially degrading performance...

3.1CVSS4.6AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/02 3:36 a.m.12 views

Security Bulletin: Singlestore DB with IBM is affected by Multiple Vulnerabilities.

Summary Multiple Vulnerabilities found in Singlestore DB with IBM SingleStore Self-Managed Enterprise with IBM and SingleStore Self-Managed Standard with IBM in Version 8.9.46. Its been addressed in 8.9.47. Hence, IBM strongly recommends upgrading to 8.9.47. Vulnerability Details Refer to the...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 9:3 p.m.4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a privilege escalation vulnerability (CVE-2025-14915)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

7.2CVSS5.9AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 8:59 p.m.5 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14917)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security when administering security settings with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 ...

9.8CVSS5.9AI score0.00355EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 8:58 p.m.2 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a privilege escalation vulnerability (CVE-2025-14915)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

7.2CVSS5.9AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 8:56 p.m.4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a privilege escalation vulnerability (CVE-2025-14915)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

7.2CVSS5.9AI score0.00498EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 8:53 p.m.4 views

Security Bulletin:IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14917)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when administering security settings with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0 or...

9.8CVSS5.9AI score0.00355EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 8:51 p.m.4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14917)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a security vulnerability that could provide weaker than expected security when administering security settings with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0,...

9.8CVSS5.9AI score0.00355EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 8:50 p.m.4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability (CVE-2026-1561)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability with the samlWeb-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes secti...

5.4CVSS5.9AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 8:47 p.m.4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability (CVE-2026-1561)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability with the samlWeb-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.4CVSS5.9AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 8:44 p.m.4 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability (CVE-2026-1561)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability with the samlWeb-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

5.4CVSS5.9AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 7:9 p.m.8 views

Security Bulletin: IBM Maximo Application Suite was vulnerable to CVE-2026-4820 because Cookie ltpatoken2_<workspace_name> was not set with secure flag

Summary IBM Maximo Application Suite was vulnerable to CVE-2026-4820 because Cookie ltpatoken2 was not set with secure flag Vulnerability Details CVEID:CVE-2026-4820 DESCRIPTION: IBM Maximo Application Suite does not set the secure attribute on authorization tokens or session cookies. Attackers m...

4.3CVSS5.8AI score0.00118EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/01 6:8 p.m.6 views

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities due to libexpat (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778)

Summary IBM HTTP Server used by IBM WebSphere Application Server is affected by multiple vulnerabilities due to libexpat. Vulnerability Details CVEID:CVE-2026-32776 DESCRIPTION: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CWE:CWE-476: NULL...

5.5CVSS5.9AI score0.00216EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35596