35598 matches found
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in qs (parse modules) (CVE-2025-15284)
Summary A vulnerability in qs parse modules that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Log4j (CVE-2025-68161)
Summary A vulnerability in Apache Log4j that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificat...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference (CVE-2025-14974)
Summary A vulnerability due to Insecure Direct Object Reference in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14974 DESCRIPTION: IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference IDOR. CWE:CWE-639: Authorization Bypa...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in React (CVE-2018-6341)
Summary A vulnerability in React that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2018-6341 DESCRIPTION: React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to server-side request forgery (CVE-2025-14912)
Summary A server-side request forgery vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14912 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...
Security Bulletin: IBM Security QRadar Log Management AQL Plugin is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM Security QRadar Log Management AQL Plugin has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of...
Security Bulletin: The Network Threat Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Network Threat Analytics App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2023-2454 DESCRIPTION:...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insufficient session expiration (CVE-2025-14810)
Summary A vulnerability due to insufficient session expiration in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14810 DESCRIPTION: InfoSphere Information Server does not invalidate a session after privileges have been modified which could allow an...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to disclosure of sensitive information (CVE-2025-14808)
Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14808 DESCRIPTION: InfoSphere Information Server could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to disclosure of sensitive information (CVE-2025-14790)
Summary A sensitive information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-14790 DESCRIPTION: IBM InfoSphere Information Server could allow an attacker to obtain sensitive information due to insufficiently protected credential...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-12635)
Summary A vulnerability in IBM WebSphere Application Server Liberty that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to cross-site request forgery (CVE-2025-36422)
Summary A cross-site request forgery vulnerability was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2025-36422 DESCRIPTION: IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password (CVE-2025-36258)
Summary A vulnerability due to plaintext storage of a password was addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID:CVE-2025-36258 DESCRIPTION: IBM InfoSphere Information Server product stores user credentials and other sensitive information in plain text which can be...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons Lang (CVE-2025-48924)
Summary A vulnerability in Apache Commons Lang that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: IBM WebSphere Application Server Liberty is affected by a prototype pollution vulnerability due to immutable (CVE-2026-29063)
Summary There is a vulnerability in the immutable library which affects IBM WebSphere Application Server Liberty with the openapi-3.0, openapi-3.1, mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0 mpOpenAPI-3.1, mpOpenAPI-4.0 or mpOpenAPI-4.1 feature enabled. Vulnerability Details...
Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17
Summary IBM Java 17 is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct FTP...
Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM Java: Buffer overflow vulnerability in OMR allows denial-of-service
Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...
Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM Java: Buffer overflow vulnerability in OMR allows denial-of-service
Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...
Security Bulletin: IBM Datapower Operations Dashboard could allow HTTP Parameter Pollution CVE-2025-7783
Summary form-data is used by the IBM Datapower Operations Dashboard for their streaming implementation Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to handshake corruption due to the crypto/tls package (CVE-2025-68121)
Summary Crypto/tls is used as part of secure encryption by DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-68121 DESCRIPTION: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the...
Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty and Expat that are shipped with IBM CICS TX Standard.
Summary Security vulnerabilities may affect IBM WebSphere Liberty and Expat that are shipped with IBM CICS TX Standard CVE-2025-14914, CVE-2022-23990, CVE-2024-28757, CVE-2025-59375 and CVE-2025-12635. IBM WebSphere Liberty and Expat have been updated within IBM CICS TX Standard to address these...
Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench ist affected by leaking a live reference to Array.Prototype
Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-33228 DESCRIPTION: flatted is a circular JSON parser. Prior to version 3.4.2, the parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array...
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.
Summary IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...
Security Bulletin: A heap-based buffer overflow flaw affects CICS Transaction Gateway for Multiplatforms container (CVE-2022-0185)
Summary A heap-based buffer overflow flaw affects CICS Transaction Gateway for Multiplatforms container. CICS Transaction Gateway for Multiplatforms container has documented how to address the applicable vulnerability. Vulnerability Details CVEID:CVE-2022-0185 DESCRIPTION: A heap-based buffer...
Security Bulletin: SOAR App Host is using a component with a known vulnerability (CVE-2026-1188)
Summary IBM SOAR App Host uses an older version of the OMR component in OpenJ9 JVM that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 1.15.7.0 Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTIO...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181
Summary IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47914, CVE-2025-58181 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-47914 DESCRIPTION: SSH Agent...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.2.tgz which is vulnerable to CVE-2026-23950
Summary IBM Maximo Application Suite - Visual Inspection component uses tar-7.5.2.tgz which is vulnerable to CVE-2026-23950. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a Tar for Node.js, has ...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.3 which is vulnerable to CVE-2025-66221
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library urllib3-2.6.2 which is vulnerable to CVE-2026-21441
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library urllib3-2.6.2-py3-none-any.whl which is vulnerable to CVE-2026-21441. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP...
Security Bulletin: IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.1 which is vulnerable to CVE-2026-23490
Summary IBM Maximo Application Suite - Predict Component was using vulnerable library pyasn1-0.6.1-py3-none-any.whl which is vulnerable to CVE-2026-23490. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same...
Security Bulletin: Vulnerabilities in Storybook affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Storybook has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-68429 DESCRIPTION:...
Security Bulletin: Vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerabilities have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-47914 DESCRIPTION: SSH Agent...
Security Bulletin: Vulnerabilities in Quarkus affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Quarkus has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-66560 DESCRIPTION: Quarkus ...
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input...
Security Bulletin: Vulnerabilities in Undici affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Undici has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-22036 DESCRIPTION: Undici is...
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLim...
Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is a...
Security Bulletin: Vulnerabilities in juliangruber affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in juliangruber has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A...
Security Bulletin: Vulnerability affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-8869 DESCRIPTION: When extracting a ta...
Security Bulletin: Vulnerabilities in affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Ta...
Security Bulletin: Vulnerabilities in wheel affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in wheel has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a...
Security Bulletin: Enumeration of users, compromised data confidentiality and integrity, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency Service is vulnerable to enumeration of users, compromised data confidentiality and integrity, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22029 DESCRIPTION: React Router is a router for React. In...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in jsPDF (CVE-2025-57810)
Summary A vulnerability in jsPDF CVE-2025-57810 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 4.0.0. Vulnerability Details CVEID:CVE-2025-57810 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in form-data (CVE-2025-7783)
Summary A vulnerability in the form-data library CVE-2025-7783 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 4.0.5. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTT...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-lengt...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation
Summary A security vulnerability in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelo...
Security Bulletin: Security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak. Nginx is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak
Summary A security vulnerability in Python affects IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...