35598 matches found
Security Bulletin: IBM Rhapsody Systems Engineering is using @modelcontextprotocol/sdk-1.15.0 which is vulnerable to CVE-2026-0621
Summary A security vulnerability was identified in the @modelcontextprotocol/sdk package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2026-0621...
Security Bulletin: IBM Rhapsody Systems Engineering is using langchain-0.3.30 which is vulnerable to CVE-2025-68665
Summary A security vulnerability was identified in the Langchain OSS package used in our product. The issue has been resolved by removing the vulnerable package and all LangChain-related dependencies from the codebase. Vulnerability Details CVEID:CVE-2025-68665 DESCRIPTION: LangChain is a framewo...
Security Bulletin: Optional Mongo DB images in IBM Cloud Pak for Business Automation 24.0.x are affected by CVE-2025-14847
Summary CVE-2025-14847 has been reported for the Mongo DB images shipped with IBM Cloud Pak for Business Automation 24.0.x. An updated version of the image is available. Vulnerability Details CVEID:CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow ...
Security Bulletin: Due to the use of Underscore.js, IBM DevOps Solution Workbench is affected by a Denial of Service (CVE-2026-27601)
Summary Underscore.js is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specif...
Security Bulletin: Unexpected SSH_AGENT_SUCCESS Response Causes Client Panic and Premature Termination in SSH Client, affects watsonx.data
Summary SH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response wi...
Security Bulletin: Inefficient Regular Expression Complexity (ReDoS) Vulnerability in nth-check affect IBM watsonx.data
Summary nth-check is vulnerable to Inefficient Regular Expression Complexity. These can affect IBM watsonx.data. Vulnerability Details CVEID:CVE-2021-3803 DESCRIPTION: nth-check is vulnerable to Inefficient Regular Expression Complexity CWE:CWE-1333: Inefficient Regular Expression Complexity CVSS...
Security Bulletin: IBM Edge Data Collector uses nix-0.26.4.crate, nix-0.29.0.crate, tokio-util-0.6.10.crate, tokio-util-0.7.13.crate which is vulnerable to CVE-2021-41248.
Summary IBM Edge Data Collector uses nix-0.26.4.crate, nix-0.29.0.crate, tokio-util-0.6.10.crate, tokio-util-0.7.13.crate which is vulnerable to CVE-2021-41248. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2021-41248 DESCRIPTION: GraphiQL is the...
Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-55754 DESCRIPTION:...
Security Bulletin: Vulnerability in libxml2 (CVE-2025-8732) affects AIX/VIOS
Summary Updated Mar 13 2026: Added iFix information for VIOS 3.1. Vulnerability in libxml2 could cause an uncontrolled recursion CVE-2025-8732. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2025-8732 DESCRIPTION: A vulnerability was found in libxml2 up to...
Security Bulletin: Multiple vulnerabilities in QRadar Suite Software
Summary Multiple vulnerabilities were addressed in IBM Security QRadar Suite Software version 1.11.9.0 Vulnerability Details CVEID:CVE-2025-22150 DESCRIPTION: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose...
Security Bulletin: Remediation of Multiple Apache Struts Vulnerabilities in IBM Library Support for Struts
Summary Multiple Apache Struts vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2008-2025 DESCRIPTION: Cross-site scripting XSS vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise SLE 11, before 1.2.9-108.2 on SUSE...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to runc CVE-2025-52881
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to runc CVE-2025-52881. The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2025-52881 DESCRIPTION: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-8869 DESCRIPTION: When extracting a tar archive pip may not check symbolic lin...
Security Bulletin: Security vulnerabilities have been found in IBM Verify Directory (Container)
Summary Security vulnerabilities have been addressed in IBM Verify Directory Container Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A...
Security Bulletin: Multiple Vulnerabilities in IBM Sterling Configure, Price, Quote (on-prem).
Summary Multiple vulnerabilities were addressed in IBM Sterling Configure, Price, Quote on-prem version 10.0.0.0-Sterling-VM-All-fp00027 Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support...
Security Bulletin: IBM App Connect Enterprise is vulnerable to denial of service due to Node.js module axios (CVE-2026-25639)
Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to denial of service due to Node.js module axios. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.j...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') due to Lodash (CVE-2025-13465)
Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' due to Lodash. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses brace-expansion dependency which is vulnerable to CVE-2026-25547.
Summary IBM Maximo Application Suite - Visual Inspection Component uses brace-expansion dependency which is vulnerable to CVE-2026-25547. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-25547 DESCRIPTION:...
Security Bulletin: Unrestricted Internet Access/Outbound Connections vulnerability found in CICS Transaction Gateway for Multiplatforms container (CVE-2026-0977)
Summary An Unrestricted Internet Access/Outbound Connections vulnerability affects the CICS Transaction Gateway for Multiplatforms container. CICS Transaction Gateway for Multiplatforms container has documented how to address the applicable vulnerability. Vulnerability Details CVEID:CVE-2026-0977...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses CodeMirror dependency which is vulnerable to CVE-2025-6493.
Summary IBM Maximo Application Suite - Visual Inspection Component uses CodeMirror dependency which is vulnerable to CVE-2025-6493. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) could provide weaker than expected security (CVE-2025-13333)
Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM could provide weaker than expected security. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Ja...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Console
Summary Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.9 Vulnerability Details CVEID:CVE-2025-13459 DESCRIPTION: IBM Aspera Console could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow. CWE:CWE-841: Improper...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution (CVE-2026-3455)
Summary IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module mailparsr CVE-2026-3455 Vulnerability Details...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to XSS security vulnerability in the dashboard UI (CVE-2023-40693)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the XSS security vulnerability Vulnerability Details CVEID:CVE-2023-40693 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting. This vulnerability allows users to embed...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Input Validation due to node module qs (CVE-2025-15284)
Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Improper Input Validation due to node module qs. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules...
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager
Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.6 and 6.2.4.3. Vulnerability Details CVEID:CVE-2016-1000338 DESCRIPTION: In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on...
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary Multiple vulnerabilities were addressed in IBM Event Streams version 12.2.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a...
Security Bulletin: IBM Security Directory Suite is affected by multiple vulnerabilities (CVE-2025-48976, CVE-2025-36047, CVE-2025-53066, CVE-2025-53057)
Summary IBM Security Directory Suite is affected by WebSphere Liberty vulnerabilities CVE‑2025‑48976, CVE‑2025‑36047 and Java vulnerabilities CVE‑2025‑53066, CVE‑2025‑53057. These vulnerabilities have been addressed with an update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An...
Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Improper Restriction of XML External Entity Reference (CVE-2022-39135)
Summary IBM OpenPages for Cloud Pak for Data is Vulnerable to Apache Calcite Core 1.37.0 introduced the SQL operators vulnerable to a potential XML External Entity XXE attack. . These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2022-39135 DESCRIPTION: Apache Calcite 1.22.0...
Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service
Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-29371 Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS...
Security Bulletin: Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider
Summary HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5. Vulnerability Details CVEID:CVE-2026-2808...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to Cryptographic Weakness in IBM Liberty Server ( CVE-2020-36732)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cryptographic weakness vulnerability Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an intege...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to information disclosure (CVE-2025-14483)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed information disclosure security vulnerability Vulnerability Details CVEID:CVE-2025-14483 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway could disclose sensitive host information to authenticat...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable due to XSS vulnerability EBICS server (CVE-2025-14504)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed XSS vulnerability Vulnerability Details CVEID:CVE-2025-14504 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway is vulnerable to cross-site scripting. This vulnerability allows an authenticated us...
Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities
Summary IBM webMethods BPM is dependant on jetty which is affected by known vulnerabilities CVE-2020-27223, CVE-2021-28169, CVE-2022-2047, CVE-2023-26049, CVE-2023-36478, CVE-2023-40167 Vulnerability Details CVEID:CVE-2020-27223 DESCRIPTION: In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114...
Security Bulletin: IBM Guardium Data Protection is affected by MySQL Server July 2025 CPU vulnerabilities.
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only se...
Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities
Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset...
Security Bulletin: Multiple Security vulnerabilities affecting IBM Knowledge Catalog Premium Cartridge
Summary Multiple security vulnerabilities impacting IBM Knowledge Catalog Premium Cartridge. These vulnerabilities had been addressed and customers should update to the recommended version of the product at the earliest opportunity. Vulnerability Details CVEID:CVE-2024-38816 DESCRIPTION:...
Security Bulletin: Multiple Vulnerabilities in IBM Workload Scheduler component of IBM Workload Automation
Summary Multiple vulnerabilities were addressed in IBM Workload Scheduler component of IBM Workload Automation 10.2.5 Vulnerability Details CVEID:CVE-2024-21094 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause no confidentiali...
Security Bulletin: Multiple Vulnerabilities in IBM Workload Scheduler component of IBM Workload Automation
Summary Multiple vulnerabilities were addressed in IBM Workload Scheduler component of IBM Workload Automation 10.1.0.5 and 10.2.3 Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel...
Security Bulletin: Multiple Vulnerabilities in IBM Workload Scheduler Container component of IBM Workload Automation Container
Summary Multiple vulnerabilities were addressed in IBM Workload Scheduler Container component of IBM Workload Automation Container 10.1.0.6 and 10.2.5 Vulnerability Details CVEID:CVE-2023-6597 DESCRIPTION: An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions...
Security Bulletin: Multiple vulnerabilities in IBM Watsonx BI Assistant for CP4D
Summary Multiple vulnerabilities were addressed in IBM Watsonx BI Assistant for CP4D version 5.3.0 Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an...
Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2024-29371)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a denial of service vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerability (CVE-2026-3288)
Summary IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerability CVE-2026-3288. A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can...
Security Bulletin: Vulnerabilities in MongoDB, Python, Node.js, Golang Go, Linux kernel affect IBM Spectrum Protect Plus
Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in MongoDB, Python, Node.js, Golang Go and Linux. Vulnerabilities include obtaining sensitive information, causing a denial of service condition, the elevation of privileges, query parameter smuggling, remote execution of...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-29371)
Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow traditional. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator
Summary Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.3 Vulnerability Details CVEID:CVE-2025-13213 DESCRIPTION: IBM Aspera Orchestrator is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-13465)
Summary IBM Security SOAR uses an older version of the Lodash component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.314 Vulnerability Details CVEID:CVE-2025-61727 DESCRIPTION: An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the...
Security Bulletin: IBM Trusteer Rapport installer affected by uncontrolled search path element vulnerability
Summary IBM Trusteer Rapport installer is affected by an uncontrolled search path element vulnerability that could allow a local attacker to execute arbitrary code. Vulnerability Details CVEID:CVE-2026-2713 DESCRIPTION: IBM Trusteer Rapport could allow a local attacker to execute arbitrary code o...