Lucene search
K

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 1:42 p.m.13 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation

Summary A security vulnerability in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkze...

6.3CVSS6.6AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 1:39 p.m.5 views

Security Bulletin: Multiple security vulnerabilities in Python affects IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Python affects IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

8.9CVSS6.9AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 1:39 p.m.4 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core (CVE-2025-68161)

Summary SPSS Collaboration and Deployment Services is affected by an Improper Certificate Validation vulnerability in Apache Log4j Core CVE-2025-68161. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j...

6.3CVSS6.4AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 1:37 p.m.16 views

Security Bulletin: Multiple security vulnerabilities in Python affects IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTIO...

8.9CVSS6.9AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 1:35 p.m.7 views

Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak

Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

7.5CVSS6.7AI score0.00591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 1:0 p.m.7 views

Security Bulletin: Memory Safety Vulnerabilities in SSH Agents and Servers: Out-of-Bounds Read and Unbounded Memory Consumption, affects watsonx.data

Summary SSH Agent servers are vulnerable to out-of-bounds reads when processing malformed new identity requests, which can cause the agent to panic. Additionally, SSH servers handling GSSAPI authentication requests do not validate the number of mechanisms specified, potentially allowing attackers...

5.3CVSS6.7AI score0.00521EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 10:6 a.m.4 views

Security Bulletin: IBM Storage Insights is vulnerable to weaknesses related to Java SE (CVE-2025-53066,CVE-2025-53057 )

Summary Vulnerabilities in Java SE may affect IBM Storage Insights. Vulnerability CVE-2025-53066 could allow a remote attacker to cause high confidentiality impact, no integrity impact, and no availability impact. Vulnerability CVE-2025-53057 could allow a remote attacker to cause no...

7.5CVSS6.7AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 9:21 p.m.13 views

Security Bulletin: IBM Sterling Connect:Direct for Unix is impacted by vulnerabilities due to IBM Java 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct for UNIX in product configuration and data transmission. IBM Sterling Connect:Direct for UNIX is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct for UNIX has upgraded IBM Java 17 to address the issues. Vulnerabilit...

9.8CVSS6.9AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 8:12 p.m.8 views

Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary IBM WebSphere Application Server could provide weaker than expected security when using the Security Utility to encode a secret. Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security when using the...

9.8CVSS5.5AI score0.00173EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:47 p.m.8 views

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2025-12635 and CVE-2025-14914).

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2025-12635 and CVE-2025-14914. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTIO...

7.6CVSS5.8AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:43 p.m.7 views

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2025-12635 and CVE-2025-14914).

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2025-12635 and CVE-2025-14914. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address these vulnerabilities. Vulnerability Details...

7.6CVSS5.8AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:42 p.m.9 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages.

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has a...

8.9CVSS6.9AI score0.00689EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:40 p.m.14 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2026-24486,CVE-2025-50537,CVE-2026-24688)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2026-24486 DESCRIPTION: Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using...

8.6CVSS6.9AI score0.02228EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:39 p.m.6 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2018-20225, CVE-2025-6985, CVE-2025-54368)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intend...

7.8CVSS6.7AI score0.01736EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:38 p.m.12 views

Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2025-62727, CVE-2025-58754)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-62727 DESCRIPTION: Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker...

7.5CVSS6.7AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 4:36 p.m.6 views

Security Bulletin: IBM watsonx.data integration has vulnerabilities due to open source packages (CVE-2025-55197)

Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-55197 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM bein...

8.7CVSS7AI score0.00408EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 3:48 p.m.6 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-27903)

Summary IBM Security SOAR uses an older version of the minimatch component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.1 Vulnerability Details CVEID:CVE-2026-27903 DESCRIPTION:...

7.5CVSS5.6AI score0.00517EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 3:46 p.m.4 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-26996)

Summary IBM Security SOAR uses an older version of the minimatch component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.1 Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION:...

8.7CVSS5.6AI score0.00519EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 3:44 p.m.7 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-25639)

Summary IBM Security SOAR uses an older version of the Axios component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is...

7.5CVSS7.4AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 11:43 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745

Summary IBM Maximo Application Suite - Visual Inspection component uses node-tar which is vulnerable to CVE-2026-23745, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-23745 DESCRIPTION: node-tar is a Tar for Node.js. The...

8.2CVSS6.7AI score0.00334EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 10:54 a.m.13 views

Security Bulletin: IBM App Connect for Manufacturing is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core (CVE-2025-68161)

Summary IBM App Connect for Manufacturing is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostnam...

6.3CVSS6.5AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 10:42 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses filelock which is vulnerable to CVE-2025-68146

Summary IBM Maximo Application Suite - Visual Inspection component uses filelock which is vulnerable to CVE-2025-68146, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent fi...

6.5CVSS7.4AI score0.00184EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 10:10 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-23490

Summary IBM Maximo Application Suite - Visual Inspection component uses pyasn1 which is vulnerable to CVE-2026-23490 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic ASN.1 library for...

7.5CVSS6.9AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 8:22 a.m.5 views

Security Bulletin: Symlink Traversal Vulnerability in pip Tar Extraction Fallback on Pre-PEP 706 Python Versions, watsonx.data

Summary A vulnerability in pip allows improper handling of symbolic links during tar extraction on older Python versions without PEP 706, potentially leading to path traversal outside the intended directory; updating pip and Python mitigates the risk. This can affect watsonx.data. Vulnerability...

5.9CVSS6.8AI score0.00438EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 8:21 a.m.4 views

Security Bulletin: Command Injection Vulnerability in FastMCP server_name Field Enables Arbitrary Command Execution on Windows affects watsonx.data

Summary FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This can affect...

7.8CVSS6.1AI score0.00206EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 8:20 a.m.5 views

Security Bulletin: Uninitialized Memory Exposure in node-tar list/t Sync Mode When Tar File Is Modified During Read affect IBM watsonx.data

Summary node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2. These can affect IBM watsonx.data...

6.1CVSS6.7AI score0.00128EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 8:20 a.m.6 views

Security Bulletin: StackOverflowError Denial-of-Service Vulnerability in Apache Commons Lang ClassUtils.getClass() Due to Uncontrolled Recursion affects watsonx.data

Summary Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass... can throw StackOverflowError on very lo...

5.3CVSS6.5AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 7:32 a.m.5 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Eclipse Paho Java client library

Summary A vulnerability has been identified in Eclipse Paho Java client library, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2019-11777 DESCRIPTION: In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT serve...

7.5CVSS6.6AI score0.00827EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 6:32 a.m.6 views

Security Bulletin: due to the use of IBM WebSphere Application Server and WebSphere Application Server Liberty, IBM Watson Explorer is vulnerable to a cross-site scripting vulnerability.

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty is used by IBM Watson Explorer. IBM Watson Explorer has addressed the applicable CVE CVE-2025-12635 Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM...

5.4CVSS5.7AI score0.00139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 9:2 p.m.7 views

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2026 - Includes Oracle January 2026 CPU

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

7.5CVSS5.9AI score0.00864EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 9:1 p.m.5 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2026 - Includes Oracle January 2026 CPU

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

7.5CVSS5.9AI score0.00864EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:58 p.m.4 views

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

7.5CVSS5.9AI score0.00633EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:57 p.m.4 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

7.5CVSS5.9AI score0.00633EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:53 p.m.6 views

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 - Includes Oracle July 2025 CPU

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

8.1CVSS5.9AI score0.01058EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:52 p.m.9 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 - Includes Oracle July 2025 CPU

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

8.1CVSS5.9AI score0.01058EPSS
Exploits1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:50 p.m.6 views

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

7.8CVSS7.5AI score0.00688EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:48 p.m.8 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2025 - Includes Oracle April 2024 CPU plus CVE-2025-4447

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

7.8CVSS7.5AI score0.00688EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:23 p.m.7 views

Security Bulletin: Communications Server (CS) for Data Center Deployment, CS for Linux, and CS for Linux on System z are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Communications Server CS for Data Center Deployment, CS for Linux, and CS for Linux on System z install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database...

5.3CVSS7AI score0.01157EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 8:21 p.m.8 views

Security Bulletin: Communications Server (CS) for Data Center Deployment and CS for AIX are affected by: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2024 - Includes Oracle October 2024 CPU plus CVE-2024-10917

Summary Communications Server CS for Data Center Deployment and CS for AIX install a local Java JRE in its product directories. This JRE is used solely for the IBM Key Manager ikeyman tool which is called by the snakeyman script used for managing the SSL key database used by the TN3270 Server and...

5.3CVSS7AI score0.01157EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 4:58 p.m.6 views

Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (February 2026)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

5.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:34 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard could allocate unbounded memory and crash (DoS) CVE-2025-58754

Summary Axios is used by the IBM Datapower Operations Dashboard for their HTTP Client for node.js and the browser Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions...

7.5CVSS7.4AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:33 p.m.4 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to HTTP Request Smuggling CVE-2025-58056

Summary Netty is used by the IBM Datapower Operations Dashboard in their network implementation Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients...

7.5CVSS5.8AI score0.00631EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:32 p.m.5 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a StackOverflowError CVE-2025-48924

Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility operations Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS5.8AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:30 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to allocation of resources without limits or throttling CVE-2025-8916

Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard in their cryptographic operations Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules...

6.3CVSS5.8AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:29 p.m.4 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2024-11831

Summary Node is used by the IBM Datapower Operations Dashboard in their network implementation Vulnerability Details IBM X-Force ID: 351136 DESCRIPTION: Node.js npm inflight module is vulnerable to a denial of service, caused by the failure to properly delete keys from the reqs object after...

5.4CVSS6AI score0.01006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:28 p.m.5 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to a denial of service CVE-2023-34109

Summary zxcvbn is used by the IBM Datapower Operations Dashboard to improve password security Vulnerability Details CVEID:CVE-2023-34109 DESCRIPTION: zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform whic...

7.5CVSS5.7AI score0.00496EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:27 p.m.6 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to improper resource shutdown or release CVE-2025-61795

Summary Apache Tomcat is used by the IBM Datapower Operations Dashboard in their HTTP web server implementation Vulnerability Details CVEID:CVE-2025-61795 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred including exceeding limits during the...

5.3CVSS5.7AI score0.01139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:25 p.m.7 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to allocation of resources without limits or throttling CVE-2025-8885

Summary Bouncy Castle is used by the IBM Datapower Operations Dashboard in their cryptographic operations Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules...

6.3CVSS5.8AI score0.00505EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:24 p.m.13 views

Security Bulletin: IBM Datapower Operations Dashboard may allow remote attackers to access the ClassLoader and execute arbitrary code CVE-2025-48734

Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility implementation Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. Th...

8.8CVSS6.1AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 4:39 a.m.5 views

Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable due to jackson-core. (CVE-2025-52999)

Summary jackson-core-2.13.1.jar is updated to jackson-core-2.18.3.jar in the latest IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service repo where security vulnerability is not observed. CVE-2025-52999. Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTIO...

8.7CVSS5.8AI score0.00634EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35598