35598 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to arbitrary code execution (GHSA-5c6j-r48x-rmvq)
Summary Node.js module serialize-javascript is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. DesignerAuthoring operands are vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in urllib3 (CVE-2026-21441, CVE-2025-66471)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-21441, CVE-2025-66471 reported for urllib3. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTT...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Semeru Runtime Quarterly CPU - Jan 2026
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188 of IBM Semeru Runtime Quarterly CPU - Jan 2026 Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service,...
Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)
Summary IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...
Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench is affected by a stack overflow that crashes the Node.js process (CVE-2026-32141)
Summary flatted is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-32141 DESCRIPTION: flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given...
Security Bulletin: IBM HTTP Server shipped with IBM OpenPages is vulnerable to multiple vulnerabilities
Summary IBM HTTP Server used by IBM WebSphere Application Server, that is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM HTTP Server has been published in a security bulletin. These products have addressed the applicable CVEs. For a...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002.
Summary IBM Maximo Application Suite - Monitor Component uses vertx-core-5.0.4.jar which is vulnerable to CVE-2026-1002. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be...
Security Bulletin: IBM Transformation Extender Advanced is affected by multiple Java vulnerabilities.
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine is affected by it's dependency in Java's multiple vulnerabilities. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable...
Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Master Data Management On Cloud Pak for Data
Summary Lineage, an internal component of IBM Knowledge Catalog, and the IBM Master Data Management formerly known as IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-2194...
Security Bulletin: AIX/VIOS Perl is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
Summary Vulnerabilities in Perl could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. AIX uses Perl in various operating system components. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4, XMLExternalEntityParserCreate does n...
Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
Summary Vulnerabilities in Python could cause a null pointer dereference CVE-2026-24515 or an integer overflow CVE-2026-25210. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2026-24515 DESCRIPTION: In libexpat before 2.7.4,...
Security Bulletin: IBM i is affected by multiple vulnerabilities in OpenSSL
Summary OpenSSL for IBM i is vulnerable to heap-based out-of-bounds write when parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters CVE-2025-15467, writing large, newline-free data into a BIO chain CVE-2025-68160, or calling PKCS12getfriendlyname functio...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to an access control security vulnerability in Ops server (CVE-2025-14031)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed access control security vulnerability Vulnerability Details CVEID:CVE-2025-14031 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway could allow an unauthenticated attacker to send a specially...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to an access control vulnerability in AFT web app ( CVE-2026-1264 )
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed access control security vulnerability Vulnerability Details CVEID:CVE-2026-1264 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway allows a remote unauthenticated attacker to view and delete the...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to spoofing vulnerabilty in MSSQL JDBC driver (CVE-2025-59250)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed MSSQL JDBC driver vulnerability Vulnerability Details CVEID:CVE-2025-59250 DESCRIPTION: Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...
Security Bulletin: CVE-2026-3856 found in IBM Db2 Recovery Expert for Linux, UNIX and Windows v5.5
Summary IBM Db2 Recovery Expert for Linux, UNIX and Windows could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission. Vulnerability Details ID: CVE-2026-3856 DESCRIPTION: IBM DB2 Recovery Expert for Linux, UNIX...
Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...
Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services before 4.6.20 shipped with IBM Cloud Pak for Business Automation iFixes for January 2026.
Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation January 2026 security fixes update this dependency to 4.6.20 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2022-23990 DESCRIPTION: Expat aka...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to sensitive information written to a log file (CVE-2026-1265)
Summary A vulnerability due to sensitive information written to a log file in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-1265 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to writing of sensitive Information in a log file. CWE:CWE-532:...
Security Bulletin: IBM i is affected by a denial of service vulnerability [CVE-2026-1376]
Summary IBM i is vulnerable to a denial of service using failed authentication connections due to improper allocation of resources CVE-2026-1376 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2026-1376 DESCRIPTION: IBM i could allow a remote attacker to cause a...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by cross-site scripting due to WebSphere Application Server Liberty
Summary WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of managing the lifecycle of Java servlets and client. CVE-2025-12635. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...
Security Bulletin: Race Condition in Eclipse Jersey (Versions 2.45, 3.0.16, 3.1.9) May Bypass Critical SSL Configurations and Compromise Secure Connections, affects watsonx.data
Summary In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by security bypass, denial of service, cross-site scripting and remote code execution vulnerabilities due to WebSphere Application Server Liberty
Summary WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of the web protection mechanism, interact with JSON data, authenticate and authorize client access for JMS messaging, manage the lifecycle of Java servlets and client, validation of user-suppli...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses urllib3 dependency which is vulnerable to CVE-2026-21441.
Summary IBM Maximo Application Suite - Visual Inspection Component uses urllib3 dependency which is vulnerable to CVE-2026-21441.This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034.
Summary IBM Maximo Application Suite - Visual Inspection Component uses fontTools dependency which is vulnerable to CVE-2025-66034. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66034 DESCRIPTION: fontTools is a library fo...
Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.313 Vulnerability Details CVEID:CVE-2025-49177 DESCRIPTION: A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a clie...
Security Bulletin: IBM Informix 12.10.xC16W6 updated to use the latest version of Java to address the Java vulnerabilities.
Summary IBM's Java version has been updated to 8.0.8.60 with Informix 12.10.xC16W6 to address multiple IBM Java vulnerabilities Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml, minimatch, and react-router
Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in js-yaml CVE-2025-64718, minimatch CVE-2026-26996, CVE-2026-27903, CVE-2026-27904, react-router CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030. This has been addressed in the...
Security Bulletin: IBM Transformation Extender Advanced is affected by a IBM WebSphere Application Server Liberty vulnerability
Summary IBM WebSphere Application Server Liberty is used by IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine. Liberty has been updated to address CVE-2025-14923 which causes a weaker then expected security posture when using the Security Utility contained in...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses mssql-jdbc-12.8.1.jre11.jar dependency which is vulnerable to CVE-2025-59250.
Summary IBM Maximo Application Suite - Manage Component uses mssql-jdbc-12.8.1.jre11.jar dependency which is vulnerable to CVE-2025-59250. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-59250 DESCRIPTION: Improper input...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses Starlette dependency which is vulnerable to CVE-2025-62727.
Summary IBM Maximo Application Suite - Visual Inspection Component uses Starlette dependency which is vulnerable to CVE-2025-62727. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-62727 DESCRIPTION: Starlette is a lightweigh...
Security Bulletin: OpenPages is vulnerable to IIBM Semeru Runtime Quarterly CPU - Jan 2026 - Includes OpenJDK January 2026 CPU plus one CVE
Summary IBM Semeru Runtime Quarterly CPU - Jan 2026 - Includes OpenJDK January 2026 CPU plus one CVE. CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager
Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 5.0.2 Vulnerability Details CVEID:CVE-2026-24842 DESCRIPTION: node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolutio...
Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics
Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Local. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak For Applications, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak For Applications, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...
Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-57753 DESCRIPTION: vite-plugin-static-cop...
Security Bulletin: PyArrow vulnerability affecting IBM Watson Studio in Cloud Pak for Data (CVE-2023-47248)
Summary PyArrow vulnerability in Runtimes 22.2 and Runtimes 23.1 components impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-47248 DESCRIPTION: Deserialization of untrusted data in IP...
Security Bulletin: Optional Mongo DB images in IBM Automation Decision Services 24.0.x are affected by CVE-2025-14847
Summary CVE-2025-14847 has been reported for the Mongo DB images shipped with IBM Automation Decision Services 24.0.0 and 24.0.1.. An updated version of the image is available. Vulnerability Details CVEID:CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may...
Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - January 2026 CPU affects IBM OpenPages
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition Quarterly CPU - January 2026 has been published in multiple security bulletins. These products have addressed the...
Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - October 2025 affects IBM OpenPages
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 has been published in multiple security bulletins. These products have addressed the...
Security Bulletin: Due to the use of Python setuptools IBM Foundationdb Operator is vulunerable for denial of service attack
Summary IBM Database Operator for FoundationDB contains Python setuptools internally CVE-2022-40897 Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Python Packaging Authority PyPA setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package o...
Security Bulletin: Due to use of golang.org/x/text, IBM Database Operator for Foundationdb is vulnerable to denial of service attack.
Summary IBM Database Operator for FoundationDB contains golang.org/x/text internally CVE-2021-38561 Vulnerability Details CVEID:CVE-2021-38561 DESCRIPTION: golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.1 Vulnerability Details CVEID:CVE-2026-25990 DESCRIPTION: Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image...
Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-362...
Security Bulletin: IBM Rhapsody Systems Engineering is using qs-6.14.0 which is vulnerable to CVE-2025-15284
Summary A security vulnerability was identified in the QS package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper...