Lucene search
K

35596 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 8:3 a.m.6 views

Security Bulletin: Due to the use of hibernate-core. IBM webMethods BPM is vulnerable to a second-order SQL injection

Summary IBM webMethods BPM tool is dependant on hibernate-core which is affected by known vulnerability - CVE-2026-0603. Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection...

8.3CVSS6.1AI score0.00782EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 1:1 a.m.5 views

Security Bulletin: Security Configuration vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2025-14914)

Summary IBM WebSphere Application Server Liberty is vulnerable to a remote code execution attack which can affect IBM Spectrum Protect Operations Center. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a...

7.6CVSS6.7AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 1:0 a.m.7 views

Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in IBM SDK, Java Technology Edition that could allow denial-of-service or information exposure in applications using the affected Java components.

Summary IBM Storage Protect Server is affected by multiple vulnerabilities in IBM SDK, Java Technology Edition may allow attackers to exploit weaknesses in certain Java components. These issues could lead to denial-of-service conditions or unintended information exposure in applications that rely...

7.5CVSS5.9AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:59 a.m.12 views

Security Bulletin:IBM Storage Protect Server is vulnerable to an unauthenticated attacker with network access via multiple protocols and TLS due to IBM SDK, Java (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925).

Summary IBM SDK, Java is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS, IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of...

7.5CVSS5.8AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:57 a.m.6 views

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the logback-core library that could allow denial-of-service through specially crafted inputs (CVE-2026-1225).

Summary IBM Storage Protect Server uses the logback-core library in certain components; the library is affected by an input handling flaw that could allow specially crafted inputs to trigger a denial-of-service condition. Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in...

1.8CVSS5.8AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:56 a.m.5 views

Security Bulletin: IBM Storage Protect Operations Center is affected by a vulnerability in IBM WebSphere Application Server Liberty that could allow a security configuration attack (CVE-2025-12635).

Summary IBM Spectrum Protect Operations Center uses IBM WebSphere Application Server Liberty in certain components; a vulnerability in Liberty may allow a security configuration attack that could impact the security of the affected environment under specific conditions. Vulnerability Details...

5.4CVSS5.5AI score0.00139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:55 a.m.11 views

Security Bulletin: IBM Storage Protect Server is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS due to IBM SDK, Java (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754)

Summary IBM SDK, Java is vulnerable to unauthenticated attacker with network access via multiple protocols and TLS, IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE,...

8.1CVSS6.7AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:54 a.m.6 views

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the logback-core library that could lead to denial-of-service under specific conditions (CVE-2025-11226).

Summary IBM Storage Protect Server uses the logback-core library in certain components; the library is vulnerable to improper handling of certain inputs that could lead to denial-of-service under specific conditions. Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in...

7CVSS6.2AI score0.00181EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:53 a.m.5 views

Security Bulletin:IBM Storage Protect Server is affected by a vulnerability in the Apache POI library that could lead to denial-of-service when processing specially crafted archive files (CVE-2019-12415).

Summary IBM Storage Protect Server uses the Apache POI library in certain components; this library is vulnerable to processing specially crafted archive files that may cause excessive memory allocation, potentially leading to a denial-of-service condition. Vulnerability Details CVEID:CVE-2019-124...

5.5CVSS7.3AI score0.0099EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:50 a.m.4 views

Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in the Golang crypto library used by the Object Agent and OSSM components that could lead to denial-of-service (CVE-2025-47913, CVE-2025-47914, CVE-2025-58181).

Summary IBM Storage Protect Server uses the Golang crypto library in the Object Agent and OSSM components. Vulnerabilities in this library may allow specially crafted inputs to trigger denial-of-service conditions in applications using the affected components. Vulnerability Details...

7.5CVSS5.8AI score0.00591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:49 a.m.4 views

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Apache Commons IO library that could lead to denial-of-service when processing specially crafted input (CVE-2025-48924).

Summary IBM Storage Protect Server uses the Apache Commons IO library in certain components; Apache Commons IO is vulnerable to improper resource handling that may lead to denial-of-service conditions when processing specially crafted input. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION:...

5.3CVSS6.8AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:48 a.m.6 views

Security Bulletin: IBM Storage Protect Server is affected by vulnerabilities in the Eclipse Jetty web server library that could lead to denial-of-service due to issues in certificate and protocol handling (CVE-2024-6763, CVE-2024-8184).

Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Vulnerabilities related to certificate and protocol handling in the Jetty library may allow specially crafted requests to trigger denial-of-service conditions in applications using the affected...

6.5CVSS6.8AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:47 a.m.7 views

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability in the Eclipse Jetty web server library that could lead to request data corruption or leakage between sessions (CVE-2024-13009).

Summary IBM Storage Protect Server uses the Eclipse Jetty web server library in certain components. Jetty is vulnerable to improper handling of malformed gzip requests, which may lead to request data corruption or inadvertent leakage of request data between sessions under certain conditio...

7.2CVSS7.1AI score0.00432EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 7:47 p.m.12 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2022-50673 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4orphancleanup I caught a issue as follows...

7.8CVSS7.7AI score0.0071EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 7:45 p.m.26 views

Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosures and cross-site scripting

Summary Several potential Cross-Site Scripting and Information Disclosure issues addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2025-13995 DESCRIPTION: IBM QRadar SIEM could allow an attacker with access to one tenant to access hostname data from another tenant's account...

6.2CVSS5.5AI score0.0018EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 4:2 p.m.8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to XSS (CVE-2026-33230), denial of service (CVE-2026-33231, GHSA-rf74-v2fm-23pw) and path traversal (CVE-2026-33236)

Summary Python module NLTK is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to cross-site scripting CVE-2026-33230, denial of service CVE-2026-3323...

8.1CVSS5.8AI score0.00855EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 3:54 p.m.4 views

Security Bulletin: Multiple Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affects WebSphere eXtreme Scale

Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote...

9.8CVSS6.8AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 3:38 p.m.7 views

Security Bulletin: Technical Support Appliance - potential denial of service conditions in underlying Linux kernel

Summary Multiple vulnerabilities have been identified in the Linux kernel affecting subsystems such as ext4 filesystem, IPv6 networking, framebuffer console, and other optional components e.g., Bluetooth, RDMA, NFS, NVMe, USB audio. These issues primarily involve race conditions, use-after-free...

7.8CVSS5.9AI score0.0071EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 3:34 p.m.8 views

Security Bulletin: Technical Support Appliance - potential denial of service in Linux kernel subsystems

Summary Multiple vulnerabilities have been identified in the Linux kernel affecting subsystems including InfiniBand hfi1, RDMA, SquashFS, ATM networking, USB core, MPTCP, procfs, and framebuffer fbdev. These issues involve race conditions, use-after-free scenarios, and out-of-bounds memory access...

7.8CVSS5.9AI score0.00259EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 3:15 p.m.7 views

Security Bulletin: IBM Technical Support Appliance - potential denial of service in Linux kernel subsystems

Summary Multiple vulnerabilities have been identified in the Linux kernel affecting subsystems including RDMA rxe and core memory management. These issues involve conditions such as double free, incomplete state handling, and NULL pointer dereference, which could lead to system instability or...

7.8CVSS6AI score0.00151EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 2:26 p.m.6 views

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM Common Licensing due to CVE-2026-1188

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM LKS Administration and Reporting Tool ART and Administration Agent. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API...

9.8CVSS7.7AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 1:51 p.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to remote code execution (CVE-2026-1615)

Summary Node.js module jsonpath is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in...

9.8CVSS6.3AI score0.01049EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 12:43 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily...

7.5CVSS6.4AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 11:56 a.m.7 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in Starlette (CVE-2025-54121)

Summary A vulnerability in the Starlette library CVE-2025-54121 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 0.49.3. Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface...

5.3CVSS6.7AI score0.0053EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 11:43 a.m.8 views

Security Bulletin: A vulnerability in zlib affects IBM License Metric Tool v9 scanner (CIT)

Summary There is a vulnerability in the zlib component used by IBM License Metric Tool v9 scanner CIT Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because x2nmodp can do right shifts within a loop that ha...

5.5CVSS5.8AI score0.00204EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 11:35 a.m.10 views

Security Bulletin: Multiple Vulnerabilities affects IBM License Metric Tool v9

Summary Multiple vulnerabilities have been remediated in components used by IBM License Metric Tool Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate...

7.5CVSS6.8AI score0.02591EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 6:49 a.m.43 views

Security Bulletin: IBM SPSS Modeler is vulnerabile to SSL private key exposure (CVE-2023-33842)

Summary An SSL private key exposure in IBM SPSS Modeler could allow a local user to decrypt and obtain sensitive information Vulnerability Details CVEID:CVE-2023-33842 DESCRIPTION: IBM SPSS Modeler on Windows requires the end user to have access to the server SSL key which could allow a local use...

6.2CVSS6.2AI score0.00188EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 6:20 a.m.5 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities disclosed in IBM Semeru Runtime.

Summary IBM SPSS Modeler is affected by multiple vulnerabilities disclosed in IBM Semeru Runtime CVE-2026-21945, CVE-2026-21933, CVE-2026-21932, CVE-2026-21925, CVE-2026-1188. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...

9.8CVSS6.8AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/26 6:10 a.m.7 views

Security Bulletin: IBM Operational Decision Manager for March 2026 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-41254...

9.4CVSS7.6AI score0.01237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 7:31 p.m.14 views

Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Standard Cartridge

Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Standard Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2025-36187 DESCRIPTION: IBM...

9.4CVSS7AI score0.02164EPSS
Exploits9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 5:41 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to HTTP header injection (CVE-2025-14807)

Summary A HTTP header injection vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14807 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This coul...

6.5CVSS5.7AI score0.00221EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 4:35 p.m.11 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, are bundled with WebSphere Remote Server, are affected by a denial of service due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...

7.5CVSS5.8AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 2:42 p.m.9 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Jan 2026 CPU (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability iss...

7.5CVSS7.2AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 1:12 p.m.7 views

Security Bulletin: Vulnerability in AIOHTTP bundled with IBM Fusion Content-Aware Storage.

Summary IBM Fusion Content-Aware Storage includes AIOHTTP which could allow DoS, request smuggling, logging storm attacks. The target service within Content-Aware Storage is vLLM, and this service is accessible only on the private network within kubernetes, and requires this private network acces...

8.7CVSS6.9AI score0.00487EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 1:4 p.m.3 views

Security Bulletin: IBM DevOps Build addresses multiple vulnerabilities.

Summary IBM DevOps Build 7.1.0.3 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder...

9.1CVSS6.2AI score0.00743EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 12:45 p.m.6 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service (CVE-2026-32874, CVE-2026-32875)

Summary Python module UltraJSON is used by IBM App Connect Enterprise Certified Container by the mapping assistance component. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch...

7.5CVSS6.2AI score0.00479EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 12:17 p.m.7 views

Security Bulletin: IBM Engineering Test Management is affected by IBM WebSphere Application Server and Liberty are affected by SMTP injection(CVE-2025-7962)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability in the Jakarta Mail library. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, and addressed in this bulletin: IBM...

7.5CVSS6.7AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 12:2 p.m.4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to CVE-2025-14684.

Summary IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to CVE-2025-14684. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-14684 DESCRIPTION: IBM Maximo Application Suite - Monitor Component could allow an...

4CVSS5.8AI score0.00135EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/25 6:30 a.m.6 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2025-14914, CVE-2025-12635)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-14914, CVE-2025-12635. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty...

7.6CVSS5.8AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 9:49 p.m.16 views

Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D

Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.3.1.2 Vulnerability Details CVEID:CVE-2026-26278 DESCRIPTION: fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no...

8.7CVSS7AI score0.02591EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 9:20 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to information exposure (CVE-2026-2484)

Summary An information exposure vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2026-2484 DESCRIPTION: InfoSphere Information Server is affected by an information exposure vulnerability caused by overly verbose error messages. CWE:CWE-209:...

4.3CVSS5.8AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 9:14 p.m.4 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting (CVE-2026-2485)

Summary A stored cross-site scripting vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2026-2485 DESCRIPTION: Infosphere Information Server is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary...

4.8CVSS5.5AI score0.00187EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 9:4 p.m.4 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site scripting (CVE-2026-2483)

Summary A cross-site scripting vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2026-2483 DESCRIPTION: InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We...

5.4CVSS5.4AI score0.00208EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 8:57 p.m.4 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in AssertJ (CVE-2026-24400)

Summary A vulnerability in AssertJ that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-24400 DESCRIPTION: AssertJ provides Fluent testing assertions for Java and the Java Virtual Machine JVM. Starting in version 1.4.0 and prior to version 3.27.7, an X...

9.1CVSS7.1AI score0.00542EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 7:29 p.m.10 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Undertow

Summary Multiple vulnerabilities in Undertow that is used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-3884 DESCRIPTION: A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the...

9.6CVSS5.8AI score0.01256EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 7:26 p.m.5 views

Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2026-1262)

Summary An information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-1262 DESCRIPTION: IBM InfoSphere Information Server is affected by an information disclosure vulnerability. CWE:CWE-209: Generation of Error Message Containing...

4.3CVSS5.8AI score0.00242EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 7:15 p.m.10 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable to server-side request forgery (CVE-2026-1015)

Summary A server-side request forgery vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2026-1015 DESCRIPTION: InfoSphere Information Server is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...

5.4CVSS5.8AI score0.00207EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 7:7 p.m.10 views

Security Bulletin: IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information (CVE-2026-1014)

Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-1014 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to exposure of sensitive information via JSON server response manipulation...

6.5CVSS5.8AI score0.00214EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 7:0 p.m.5 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in qs (parse modules) (CVE-2025-15284)

Summary A vulnerability in qs parse modules that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option...

6.3CVSS5.8AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 6:54 p.m.8 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Log4j (CVE-2025-68161)

Summary A vulnerability in Apache Log4j that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificat...

6.3CVSS5.8AI score0.00743EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35596