Lucene search
K

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:21 p.m.6 views

Security Bulletin: IBM DataPower Gateway vulnerable to CSRF

Summary IBM DataPower Gateway is affected by a cross-site request forgery vulnerability Vulnerability Details CVEID:CVE-2025-36375 DESCRIPTION: IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted...

8.8CVSS5.9AI score0.00167EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:20 p.m.6 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service due to body-parser

Summary The affected package is used in the UI Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands o...

6.9CVSS5.9AI score0.00342EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:17 p.m.7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873

Summary IBM Maximo Application Suite - Manage Component uses ajv-6.12.6 in multiple applications which is vulnerable CVE-2025-69873 Vulnerability Details CVEID:CVE-2025-69873 DESCRIPTION: ajv Another JSON Schema Validator before 8.18.0 is vulnerable to Regular Expression Denial of Service ReDoS...

7.5CVSS6.1AI score0.00492EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:8 p.m.6 views

Security Bulletin: Location Service for ESRI Component uses cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 library which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively

Summary Location Service for ESRI Component uses cryptography-46.0.3, flask-3.1.2 and werkzeug-3.1.5 library which were vulnerable to CVE-2026-26007, CVE-2026-27205 and CVE-2026-27199 respectively. Vulnerability Details CVEID:CVE-2026-27199 DESCRIPTION: Werkzeug is a comprehensive WSGI web...

8.2CVSS5.8AI score0.00556EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 3:6 p.m.10 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2026-25547 in package @isaacs/brace-expansion

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to CVE-2026-25547 in package @isaacs/brace-expansion. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-25547 DESCRIPTION: @isaacs/brace-expansion is a hybrid CJS/ESM...

9.2CVSS5.8AI score0.00481EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 1:2 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz which is vulnerable to CVE-2026-0775.

Summary IBM Maximo Application Suite - Visual Inspection component uses npm-11.7.0.tgz which is vulnerable to CVE-2026-0775, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-0775 DESCRIPTION: npm cli Incorrect Permission...

7CVSS6.2AI score0.00286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 12:20 p.m.8 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to node modules Hono and Undici

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to node modules Hono and Undici. Vulnerability Details CVEID:CVE-2026-29045 DESCRIPTION: Hono is a Web application framework that provides support for any...

9.8CVSS5.9AI score0.0115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 11:47 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by cross-site scripting and vulnerable to CVE-2025-32434.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by cross-site scripting and vulnerable to CVE-2025-32434. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: I...

9.8CVSS5.8AI score0.01878EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 11:40 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049.

Summary IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool...

7.1CVSS7.2AI score0.00311EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 10:19 a.m.7 views

Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP6 vulnerabilities CVE-2025-27363 (vulnerable), CVE-2024-11612 (not vulnerable), CVE-2024-50602 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP6 April, 2025 CVE-2025-27363 vulnerable, CVE-2024-11612 affected, not vulnerable, CVE-2024-50602 vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details...

8.1CVSS7.2AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:37 a.m.6 views

Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP7 vulnerabilities CVE-2025-29482 (vulnerable), CVE-2024-8176 (not vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP7 July, 2025 CVE-2025-29482 vulnerable, CVE-2024-8176 affected, not vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack...

7.5CVSS7.3AI score0.01569EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:16 a.m.5 views

Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP8, v8.5.8 BP1 vulnerabilities CVE-2023-45853 (vulnerable), CVE-2025-53816 (vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP8, v8.5.8 BP1 October, 2025 CVE-2023-45853 vulnerable, CVE-2025-53816 vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip...

9.8CVSS7AI score0.02918EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:12 a.m.4 views

Security Bulletin: IBM Content Navigator is affected by CVE-2026-1243, a Cross-Site Scripting (XSS) vulnerability

Summary IBM Content Navigator is affected by CVE-2026-1243, a Cross-Site Scripting XSS vulnerability that allows an authenticated user to embed arbitrary JavaScript into the Web UI. This could alter intended application behaviour and potentially lead to credentials disclosure within a trusted...

5.4CVSS5.5AI score0.00207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:10 a.m.13 views

Security Bulletin: IBM Content Navigator is affected by Log4J

Summary IBM Content Navigator is affected by multiple vulnerabilities in Apache Log4j 1.x, a logging library that reached end of life in August 2015. These include multiple Deserialization of Untrusted Data flaws CVE-2019-17571, CVE-2021-4104, CVE-2022-23302, CVE-2022-23307, CVE-2023-26464 in...

9.8CVSS7.2AI score0.66537EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:6 a.m.4 views

Security Bulletin: IBM Content Navigator is affected by Jose4J

Summary IBM Content Navigator is affected by CVE-2023-51775, an Uncontrolled Resource Consumption vulnerability CWE-400 in the jose4j library prior to version 0.9.4. An attacker can trigger excessive CPU consumption and denial of service by supplying a large PBES2 iteration count p2c parameter in...

6.5CVSS6.9AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:4 a.m.6 views

Security Bulletin: IBM Content Navigator is affected by JDOM

Summary IBM Content Navigator is affected by CVE-2021-33813, an XML External Entity XXE injection vulnerability CWE-611 in the SAXBuilder component of the JDOM library through version 2.0.6. A remote attacker could exploit this via a crafted HTTP request to cause a denial of service condition. Th...

7.5CVSS6.8AI score0.19442EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 9:1 a.m.5 views

Security Bulletin: IBM Content Navigator is affect my Apache Xalan

Summary IBM Content Navigator is affected by CVE-2022-34169, a remote code execution vulnerability CWE-681 in the Apache Xalan Java XSLT library. An integer truncation flaw in the processing of XSLT stylesheets allows a remote attacker to supply a specially crafted stylesheet and execute arbitrar...

7.5CVSS7.7AI score0.17673EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:26 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.3-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-26007.

Summary IBM Maximo Application Suite - Monitor Component uses cryptography-46.0.3-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-26007. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION: cryptography is a...

8.2CVSS5.9AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:25 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727.

Summary IBM Maximo Application Suite - Monitor Component uses c3p0-0.11.2.jar and mchange-commons-java-0.3.2.jar which are vulnerable to CVE-2026-27830 and CVE-2026-27727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27830 DESCRIPTION: c3p0...

9.8CVSS6.2AI score0.00812EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:20 a.m.8 views

Security Bulletin: IBM Edge Data Collector uses time-0.3.37.crate which is vulnerable to CVE-2026-25727.

Summary IBM Edge Data Collector uses time-0.3.37.crate which is vulnerable to CVE-2026-25727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25727 DESCRIPTION: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when...

6.8CVSS5.8AI score0.00291EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:18 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses multiple jar packages which are vulnerable to CVE-2025-24970, CVE-2025-55163.

Summary IBM Maximo Application Suite - Monitor Component uses multiple jar packages which are vulnerable to CVE-2025-24970, CVE-2025-55163. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven...

8.2CVSS6.9AI score0.01966EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:17 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pillow-12.1.0-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-25990.

Summary IBM Maximo Application Suite - Monitor Component uses pillow-12.1.0-cp311-cp311-manylinux227x8664.manylinux228x8664.whl which is vulnerable to CVE-2026-25990. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25990 DESCRIPTION: Pillow is...

8.6CVSS6AI score0.00367EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:15 a.m.6 views

Security Bulletin: IBM Edge Data Collector uses virtualenv-20.26.6-py3-none-any.whl which is vulnerable to CVE-2026-22702.

Summary IBM Edge Data Collector uses virtualenv-20.26.6-py3-none-any.whl which is vulnerable to CVE-2026-22702. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-22702 DESCRIPTION: virtualenv is a tool for creating isolated virtual python...

4.5CVSS5.8AI score0.00085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:10 a.m.7 views

Security Bulletin: IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2026-22701.

Summary IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2026-22701. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock is a platform-independent file lock for Python. Prior to...

5.3CVSS5.8AI score0.00115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:4 a.m.6 views

Security Bulletin: IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639.

Summary IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js...

7.5CVSS7.3AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:3 a.m.4 views

Security Bulletin: IBM Edge Data Collector uses PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl which is vulnerable to CVE-2025-69277.

Summary IBM Edge Data Collector uses PyNaCl-1.4.0-cp35-abi3-manylinux1x8664.whl which is vulnerable to CVE-2025-69277. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-69277 DESCRIPTION: libsodium before ad3004e, in atypical use cases involving...

4.5CVSS6AI score0.00166EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:2 a.m.14 views

Security Bulletin: IBM Edge Data Collector uses django-4.2.27-py3-none-any.whl which is vulnerable to CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, CVE-2026-1312.

Summary IBM Edge Data Collector uses django-4.2.27-py3-none-any.whl which is vulnerable to CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, CVE-2026-1312. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-13473...

8.5CVSS7.3AI score0.09436EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:1 a.m.7 views

Security Bulletin: IBM Edge Data Collector uses bytes-1.10.0.crate which is vulnerable to CVE-2026-25541.

Summary IBM Edge Data Collector uses bytes-1.10.0.crate which is vulnerable to CVE-2026-25541. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25541 DESCRIPTION: Bytes is a utility library for working with bytes. From version 1.2.1 to before...

7.5CVSS5.7AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 6:57 a.m.5 views

Security Bulletin: IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2025-68146.

Summary IBM Edge Data Collector uses filelock-3.12.2-py3-none-any.whl which is vulnerable to CVE-2025-68146. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In version...

6.5CVSS7.3AI score0.00184EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 5:52 a.m.6 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to rhino

Summary IBM webMethods BPM uses rhino to embed a JavaScript engine for executing internal scripts related to business logic and configuration. Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1,...

7.5CVSS6.8AI score0.00235EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/29 11:41 p.m.10 views

Security Bulletin: IBM Content Navigator is affected by Apache Xerces2

Summary IBM Content Navigator is affected by multiple vulnerabilities in the Apache Xerces2 Java XML parser library. CVE-2009-2625 and CVE-2022-23437 describe infinite loop conditions triggered by malformed XML input, leading to application hang or denial of service. CVE-2012-0881 allows CPU...

7.8CVSS6.7AI score0.3038EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/29 11:39 p.m.6 views

Security Bulletin: IBM Content Navigator is affected by CVE-2025-46392

Summary IBM Content Navigator is affected by CVE-2025-46392, an Uncontrolled Resource Consumption vulnerability CWE-400 in Apache Commons Configuration 1.x commons-configuration-1.7.jar. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in...

6.5CVSS7AI score0.01663EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 6:6 p.m.3 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to JSON-Java

Summary IBM webMethods BPM uses JSON-Java for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts...

7.5CVSS5.9AI score0.01449EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 6:3 p.m.8 views

Security Bulletin: Operator for IBM DataPower Gateway vulnerable to Denial of Service

Summary This vulnerability can allow an invalid DNS response to cause an operator crash. Vulnerability Details CVEID:CVE-2026-25518 DESCRIPTION: cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and...

5.9CVSS5.8AI score0.00349EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 5:59 p.m.4 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to commons-io

Summary IBM webMethods BPM uses commons-io to simplify file and stream handling operations within the application, such as reading, writing, and manipulating files and input/output streams. Vulnerability Details CVEID:CVE-2021-29425 DESCRIPTION: In Apache Commons IO before 2.7, When invoking the...

5.8CVSS5.9AI score0.10608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 5:58 p.m.4 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to jetty

Summary IBM webMethods BPM uses jetty to enable embedded web server capabilities within the application. Vulnerability Details CVEID:CVE-2024-6763 DESCRIPTION: Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It includes a utility class, HttpURI, for...

5.3CVSS5.9AI score0.00986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 5:55 p.m.11 views

Security Bulletin: IBM DataPower Gateway vulnerable to Denial of Service

Summary Processing a malformed PKCS12 file can cause an appliance reload. Vulnerability Details CVEID:CVE-2026-22795 DESCRIPTION: Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a...

5.5CVSS5.8AI score0.00144EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 5:53 p.m.6 views

Security Bulletin: IBM dataPower Gateway affected by prototype pollution vulnerability in Lodash

Summary The affected package is used in the UI and API Gateway Director components Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause...

8.2CVSS5.9AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 5:49 p.m.9 views

Security Bulletin: IBM WebSphere Automation is vulnerable to multiple security vulnerabilites

Summary Multiple security vulnerabilites were identified in the Open Liberty baseimage which is shipped with IBM WebSphere Automation. Vulnerability Details CVEID:CVE-2015-20107 DESCRIPTION: In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands...

9.8CVSS7.6AI score0.07443EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 5:32 p.m.13 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js module Multer (CVE-2026-2359, CVE-2026-3304 & CVE-2026-3520)

Summary The IBM App Connect Enterprise Connector Discovery and OpenAPI Editor is vulnerable to multiple vulnerabilities due to Node.js module Multer. Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer...

8.7CVSS6AI score0.00713EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 4:53 p.m.8 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules.

Summary IBM App Connect Enterprise runtime, IBM App Connect Enterprise Connector Discovery and OpenAPI Editor and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to multiple node modules. Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer ...

9.3CVSS6AI score0.00811EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 4:33 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Event Endpoint Management.

Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management 11.7.3 Vulnerability Details CVEID:CVE-2025-68470 DESCRIPTION: React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a Rea...

9.2CVSS6.1AI score0.00743EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 3:56 p.m.6 views

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.1 Vulnerability Details CVEID:CVE-2025-13916 DESCRIPTION: IBM Aspera Shares uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information CWE:CWE-327: U...

7.5CVSS5.7AI score0.00665EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 11:53 a.m.6 views

Security Bulletin: IBM Cloud Pak for Data System 2.0 is affected by credential leakage due to requests library

Summary The requests library is used by IBM Cloud Pak for Data System 2.0 as an HTTP library for Python applications. CVE-2024-47081 affects the requests library's URL parsing mechanism where a vulnerability allows .netrc credentials to be leaked to third parties when processing specific...

5.3CVSS5.8AI score0.00846EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 9:11 a.m.11 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2026.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue...

8.8CVSS7.4AI score0.02164EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:58 a.m.16 views

Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow (traditional and containers) March 2026

Summary In addition to updating many operating system level packages on container images, IBM Business Automation Workflow fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...

8.8CVSS7.2AI score0.01495EPSS
Exploits7Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:20 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3 which is vulnerable to CVE-2026-26007

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library cryptography-46.0.3-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-26007. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26007 DESCRIPTION...

8.2CVSS5.9AI score0.00341EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:10 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4 which is vulnerable to CVE-2026-21860

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a...

6.3CVSS5.8AI score0.00424EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:6 a.m.11 views

Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities

Summary IBM webMethods BPM is dependant on jetty which is affected by known vulnerabilities CVE-2019-17638, CVE-2020-27218, CVE-2021-28169, CVE-2021-34428, CVE-2022-2047, CVE-2023-26048, CVE-2023-26049, CVE-2024-13009, CVE-2024-8184 Vulnerability Details CVEID:CVE-2019-17638 DESCRIPTION: In Eclip...

9.4CVSS7AI score0.7848EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:3 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2 which is vulnerable to CVE-2026-27205

Summary IBM Maximo Application Suite - Predict Component was using vulnerable library flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-27205 DESCRIPTION: Flask is a web server...

4.3CVSS5.8AI score0.00374EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35596