Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Request Smuggling Vulnerability in Netty (CVE-2025-67735)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the agent-server and server-server inter-communication services. CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In version...

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their January 2026 Critical Patch Update. For more information please refer to Oracle's January 2026 CPU Advisory and the CVE links referenced below. Vulnerability Details...

Security Bulletin: Security vulnerability found in the Red Hat Universal Minimal Base Image shipped with CICS Transaction Gateway for Multiplatforms.

Summary A sensitive information exposure is found in the Red Hat Universal Base Image Minimal shipped with CICS Transaction Gateway for Multiplatforms. The CICS Transaction Gateway for Multiplatforms container has been updated to address the vulnerability. Vulnerability Details IBM X-Force ID:...

Security Bulletin: Enterprise Content Managemant System Monitor for December 2025 - multiple CVEs

Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

Security Bulletin: Enterprise Content Managemant System Monitor for December 2025 - multiple CVEs

Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

Security Bulletin: Enterprise Content Managemant System Monitor for July 2025 - multiple CVEs

Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

Security Bulletin: Security vulnerabilities found in the Red Hat Universal Minimal Base Image shipped with CICS Transaction Gateway for Multiplatforms

Summary Security vulnerabilities found in the Red Hat Universal Base Image Minimal shipped with CICS Transaction Gateway for Multiplatforms. This fix resolves these vulnerability CVE-2024-28757, CVE-2025-59375, CVE-2025-5372. Vulnerability Details CVEID:CVE-2024-28757 DESCRIPTION: libexpat throug...

Security Bulletin: A vulnerability in NanoID affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in NanoID affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. CWE:CWE-835: Loop with Unreachable Exit Condition...

Security Bulletin: A vulnerability in the cookie package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the cookie package affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie...

Security Bulletin: A vulnerability in the serve-static package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the serve-static package affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute...

Security Bulletin: A vulnerability in the Send library affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the Send library affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect...

Security Bulletin: A vulnerability in express.js affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in express.js affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5 Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirec...

Security Bulletin: A vulnerability in path-to-regexp affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in path-to-regexp affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5 Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can b...

Security Bulletin: A vulnerability in the Async package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in OpenSSL affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async = 2.6.4 and = 3.2.5 are vulnerable to ReDoS Regular Expression Denial of Service while parsing function in autoinject function. NOTE: this...

Security Bulletin: A vulnerability in Express.js affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in Express.js affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5 Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are...

Security Bulletin: A vulnerability in the jackson-core package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the jackson-core package affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The methods in the classes listed below fail to...

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL 7 on Cloud Pak for Data 4.8 and earlier Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long...

Security Bulletin: A vulnerabilities in NPM package `braces` affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerabilities in NPM package braces affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.8 and 5.0 and earlier. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could...

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-7647 DESCRIPTION: The llama-index-core package, up to version 0.12.44, contains a...

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression cha...

Security Bulletin: Vulnerability in jshttp on-headers affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Vulnerability in jshttp on-headers affect IBM® Db2® Big SQL 8.2.0 on IBM Cloud Pak for Data 5.2 Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in...

Security Bulletin: Vulnerability in juliangruber brace-expansion affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Vulnerability in juliangruber brace-expansion affect IBM® Db2® Big SQL 8.2 on IBM Cloud Pak for Data 5.2 and earlier Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as...

Security Bulletin: Vulnerabilities in Apache Commons Lang affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Vulnerabilities in Apache Commons Lang affect IBM® Db2® Big SQL 8.2.1 on IBM Cloud Pak for Data 5.2.1 and earlier. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

Security Bulletin: Vulnerabilities in Requets affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Vulnerabilities in Requets affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 and earlier Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties...

Security Bulletin: Vulnerability in golang.org/x/net affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Vulnerability in golang.org/x/net affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the...

Security Bulletin: A vulnerability in Babel affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in Babel prior to version 7.6.10 affect IBM® Db2® Big SQL 7 & 8 on IBM Cloud Pak for Data 4 & 5 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and...

Security Bulletin: Multiple vulnerabilities in IBM Db2 affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Multiple vulnerabilities in IBM® Db2® 11.5 & 12.1 affect IBM Db2 Big SQL 7 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1, 11.5, and 12.1 is vulnerable to a denial of...

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Multiple vulnerabilities in IBM® Db2® 11.5 affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 & 5 Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific...

Security Bulletin: IBM Db2 Big SQL on Cloud Pak for Data is vulnerable to a denial of service due to lack of throttling on an API

Summary IBM Db2 Big SQL 7.8 and earlier on CLoud Pak for Data 5.1 and earlier is vulnerable to a denial of service due to lack of throttling on an API Vulnerability Details CVEID:CVE-2024-39724 DESCRIPTION: IBM Big SQL does not properly limit allocation of resources which could allow an...

Security Bulletin: Multiple vulnerabilities in Java SE affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Multiple vulnerabilities in Java SE 8 affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 & 5 Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, ...

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL on IBM Cloud Pak for Data

Summary Multiple vulnerabilities in IBM Db2 12.1 affect IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details CVEID:CVE-2025-33012 DESCRIPTION: IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux...

Security Bulletin: Vulnerability in Axios affects IBM Db2 Big SQL on Cloud Pak for Data

Summary Vulnerability in Axios 1.11 and earlier affects IBM Db2 Big SQL 8.2 on Cloud Pak for Data 5.2 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and...

Security Bulletin: A vulnerability in Apache Parquet affect IBM® Db2® Big SQL.

Summary A vulnerability in Apache Parquet 1.15.0 affect IBM® Db2® Big SQL 8.2 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details CVEID:CVE-2025-46762 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute...

Security Bulletin: A vulnerability in Apache common-beanutils affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in Apache common-beanutils 1.9.4 affects IBM Db2 Big SQL 8.2 on Cloud Pak for Data 5.2 and earlier. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2...

Security Bulletin: A vulnerability in FreeType affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in FreeType 2.13.0 and earlier affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable...

Security Bulletin: A vulnerability in the golang-jwt package affects IBM DB2 Big SQL on Cloud Pak for Data

Summary A vulnerability in the golang-jwt 4.5 package affects IBM DB2 Big SQL 7.8.0 on Cloud Pak for Data 5.1 and earlier Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2,...

Security Bulletin: A vulnerability in Axios affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in Axios 1.7.9 and earlier affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 Vulnerability Details CVEID:CVE-2025-27152 DESCRIPTION: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than...

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 & 12.1 used by IBM® Db2® Big SQL 7 & 8 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details CVEID:CVE-2025-33092 DESCRIPTION: IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in...

Security Bulletin: A vulnerability in form-data affect IBM® Db2® Big SQL.

Summary A vulnerability in form-data affect IBM® Db2® Big SQL 8.2 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 & 12.1 used by IBM® Db2® Big SQL 7 & 8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2025-30065 DESCRIPTION: Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows ba...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli System Automation Application Manager (CVE-2025-12635)

Summary A cross site scripting vulnerability affecting the WebSphere Application Server has been addressed in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM...

Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Netcool Configuration Manager (ITNCM) is affected by cross-site scripting (CVE-2025-12635).

Summary WebSphere Application Server, used by IBM Tivoli Netcool Configuration Manager ITNCM, is affected by cross-site scripting. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM...

Security Bulletin: IBM Sterling Connect:Direct for Unix is vulnerable due to IBM Runtime Environment Java Technology Edition Version 8

Summary IBM Java 8 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 8. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 8 to address the issues. Vulnerability...

Security Bulletin: IBM Sterling Connect:Direct for Unix is impacted by vulnerabilities due to IBM Java 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 17 to address the issues. Vulnerabilit...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition Version 8

Summary There are vulnerabilities in IBM Runtime Environment Java Technology Edition Version 8 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in IBM Semeru Runtime version 17

Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability i...

Security Bulletin: Vulnerabilities in Quarkus affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Quarkus has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus ...

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is a...

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is a...

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-25193 DESCRIPTION: Netty, an...