35598 matches found
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Semeru Runtime
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754 of IBM Semeru Runtime Quarterly CPU - Jul 2025 . Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle...
Security Bulletin: IBM MQ is affected by an authority vulnerablility (CVE-2026-1713)
Summary IBM MQ has addressed an authority vulnerablility Vulnerability Details CVEID:CVE-2026-1713 DESCRIPTION: IBM MQ is affected by an authority vulnerability allowing users access to SYSTEM.AUTH.DATA.QUEUE. CWE:CWE-305: Authentication Bypass by Primary Weakness CVSS Source: IBM CVSS Base score...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in http2-common (CVE-2025-5115)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-5115 of http2-common-11.0.24.jar. Vulnerability Details CVEID:CVE-2025-5115 DESCRIPTION: In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-core (CVE-2025-41249)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41249 of spring-core-6.2.6.jar. Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-security-core (CVE-2025-41248)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41248 of spring-security-core-6.4.5.jar. Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Semeru Runtime (CVE-2025-53057, CVE-2025-53066)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-53057, CVE-2025-53066 of IBM Semeru Runtime Quarterly CPU - Oct 2025 Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM SDK, Java Technology (CVE-2025-53066, CVE-2025-53057)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-53066, CVE-2025-53057 of IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow ...
Security Bulletin: IBM Maximo Application Suite uses os/exec 1.24.3; 1.24.4, ansible-9.4.0, github.com/eclipse/paho.mqtt.golang v1.3.5 and archive/tar 1.24.2; 1.24.4 which is vulnerable to CVE-2025-47906,CVE-2025-14010,CVE-2025-10543 and CVE-2025-58183
Summary IBM Maximo Application Suite uses os/exec 1.24.3; 1.24.4, ansible-9.4.0, github.com/eclipse/paho.mqtt.golang v1.3.5 and archive/tar 1.24.2; 1.24.4 which is vulnerable to CVE-2025-47906,CVE-2025-14010,CVE-2025-10543 and CVE-2025-58183. This bulletin contains information regarding the...
Security Bulletin: IBM Streamsets Cartridge shipped with publicy disclosed vulnerablity version of containerd
Summary IBM Streamsets Cartridge shipped with publicy disclosed vulnerablity version of containerd github.com/containerd/containerd v1.7.28 CVE-2024-25621 Vulnerability Details CVEID:CVE-2024-25621 DESCRIPTION: containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28,...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.311 Vulnerability Details CVEID:CVE-2025-61725 DESCRIPTION: The ParseAddress function constructs domain-literal address components through repeated string concatenatio...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.1 Vulnerability Details CVEID:CVE-2025-58183 DESCRIPTION: tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A...
Security Bulletin: A security vulnerability in spring-expression-5.3.31.jar affects IBM DevOps Code ClearCase [CVE-2024-38808]
Summary A security vulnerability in spring-expression-5.3.31.jar affects IBM DevOps Code ClearCase CVE-2024-38808 Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially...
Security Bulletin: A security vulnerability in logback-classic-1.3.14.jar affects IBM DevOps Code ClearCase [CVE-2024-12798]
Summary A security vulnerability in logback-classic-1.3.14.jar affects IBM DevOps Code ClearCase CVE-2024-12798 Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java...
Security Bulletin: Multiple vulnerabilities in logback-core-1.3.14.jar affects IBM DevOps Code ClearCase [CVE-2024-12798, CVE-2024-12801, CVE-2025-11226,CVE-2026-1225]
Summary Multiple vulnerabilities in logback-core-1.3.14.jar affects IBM DevOps Code ClearCase CVE-2024-12798, CVE-2024-12801, CVE-2025-11226,CVE-2026-1225 Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-core up to and...
Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to OpenSSL
Summary Vulnerabilities in OpenSSL could allow an attacker to potentially execute arbitrary code CVE-2025-15467 or cause a denial of service CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796. OpenSSL is used by AIX as part of AIX's secu...
Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector
Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 7.2.0 Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, eve...
Security Bulletin: IBM Verify Identity Governance (IVIG/ISVG) has multiple vulnerabilities
Summary Multiple security vulnerabilities in the dependent components have been addressed in the latest updates to IBM Security Verify Governance and its re-branded version, IBM Verify Identity Governance Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application Server 9.0...
Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2
Summary Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2 Vulnerability Details CVEID:CVE-2024-22415 DESCRIPTION: jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters +...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-24001)
Summary IBM Security SOAR uses an older version of the jsdiff component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff ...
Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2
Summary Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2 Vulnerability Details CVEID:CVE-2025-27221 DESCRIPTION: In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leaka...
Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2
Summary Security Bulletin: Common vulnerabilities addressed in Cloudera Observability 3.6.2 Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested...
Security Bulletin: IBM Maximo Asset Configuration Manager uses log4j-core-2.17.1 which is vulnerable to CVE-2025-68161
Summary IBM Maximo Asset Configuration Manager uses log4j-core-2.17.1 which is vulnerable to CVE-2025-68161. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions...
Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway
Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14923)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security when using the Security Utility to administer security settings. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14923)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security when using the Security Utility to administer security settings. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server could provide weaker than expected security (CVE-2025-13333)
Summary IBM WebSphere Application Server could provide weaker than expected security. Vulnerability Details CVEID:CVE-2025-13333 DESCRIPTION: IBM WebSphere Application Server could provide weaker than expected security during system administration of security settings. CWE:CWE-358: Improperly...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-1188)
Summary IBM Security SOAR uses an older version of the OMR component in OpenJ9 JVM that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTIO...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14923)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when using the Security Utility to administer security settings. Vulnerability Details Refer to the security...
Security Bulletin: Due to the use of JetBrains Kotlin, IBM webMethods BPM is vulnerable to the use of Java API for temporary file and folder creation
Summary IBM webMethods BPM uses JetBrains Kotlin which is vulnerable to the use of Java API for temporary file and folder creation. Vulnerability Details CVEID:CVE-2020-29582 DESCRIPTION: In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An...
Security Bulletin: Multiple vulnerabilities affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.
Summary Due to the use of IBM® Runtime Environment Java™, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to multiple vulnerabilities. CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition have updated the...
Security Bulletin: ELM on Hybrid Cloud vulnerabilities addressed in 1.3.0
Summary This release addresses security vulnerabilities in application and operator images of ELM on Hybrid cloud offering. Identified vulnerabilities identified below relate to the underlying OS packages and language dependencies which impacts the product within the deployed environment. One of...
Security Bulletin: Remediation of Multiple Apache Struts Vulnerabilities in IBM Library Support for Struts
Summary Multiple Apache Struts vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2025-68493 DESCRIPTION: Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to bypass of Trust Restrictions due to Eclipse Jersey
Summary A race condition in Eclipse Jersey can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. IBM Sterling Secure Proxy has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: I...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in IBM Semeru Runtime version 17
Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Semeru Runtime 17
Summary There are vulnerabilities in IBM Semeru Runtime version 17 used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVEs CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925, CVE-2026-1188. Vulnerability Details...
Security Bulletin: IBM Maximo Application suite Visual Inspection Component back ported version 8.9.x uses components that are vulnerable to CVE-2021-31684, CVE-2023-1370, CVEID: CVE-2023-52428, CVE-2024-7254,CVE-2024-27268.
Summary IBM Maximo Application suite Visual Inspection Component back ported version 8.9.x uses components that are vulnerable to CVE-2021-31684, CVE-2023-1370, CVEID: CVE-2023-52428, CVE-2024-7254,CVE-2024-27268. This Bulletine contains information of the vulerable product version and it's...
Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Handling of Length Parameter Inconsistency (CVE-2025-14847)
Summary There is a vulnerability in MongoDB Server used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-14847. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow a read of...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.15 Vulnerability Details CVEID:CVE-2026-22860 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the...
Security Bulletin: IBM Planning Analytics Advanced Certified Containers is vulnerable to a sensitive information disclosure vulnerability
Summary A vulnerability was addressed in IBM Planning Analytics Advanced Certified Containers. Vulnerability Details CVEID:CVE-2025-36105 DESCRIPTION: IBM Planning Analytics Advanced Certified Containers could allow a local privileged user to obtain sensitive information from environment variable...
Security Bulletin: IBM Terracotta is affected by an Apache Avro vulnerability that could allow code injection leading to access to unauthorized resources
Summary IBM Terracotta uses Apache Avro as part of Apache Parquet used within the IBM Terracotta implementation for data export and import. Vulnerability Details CVEID:CVE-2025-33042 DESCRIPTION: Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (January 2026) affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2026. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...
Security Bulletin: IBM Engineering Requirements Management DOORS and DOORS Web Access is affected by multiple vulnerabilities
Summary This release addresses multiple security vulnerabilities across various components of IBM Engineering Requirements Management DOORS and DOORS Web Access product. Many vulnerabilities are rated Critical CVSS ≥ 9.0, including a Tomcat rewrite rule bypass CVE-2025-31651, Tomcat Improper...
Security Bulletin: IBM WebSphere Application Server is affected by a denial of service by IBM Master Data Management (CVE-2025-36097)
Summary IBM Master Data Management version 11.6, 12.0 and 14.0 are impacted by vulnerability in WebSphere Application Server which could create a denial of service caused by a stack-based overflow. Vulnerability Details CVEID:CVE-2025-36097 DESCRIPTION: IBM WebSphere Application Server 9.0 and...
Security Bulletin: IBM WebSphere Application Server is affected by a denial of service due to Apache Commons FileUpload used by IBM Master Data Management (CVE-2025-48976)
Summary IBM Master Data Management version 11.6, 12.0 and 14.0 are impacted by vulnerability in WebSphere Application Server which may allocate resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. Vulnerability Details...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...
Security Bulletin: Multiple vulnerabilties affects IBM DB2 Data Management Console
Summary traverse-7.17.3.tgz , sshd-core-1.7.0.jar dependency packages are being used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2022-45047 DESCRIPTION: Class...
Security Bulletin: Multiple vulnerabilties affects IBM DB2 Data Management Console
Summary sshd-common-2.10.0.jar, dompurify-2.2.7.tgz, derby-10.16.1.1.jar, ion-java-1.2.0.jar dependency packages are being used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2024-41909 DESCRIPTION:...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM Db2 shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary IBM Db2 is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about multiple security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Location Service for ESRI Component uses werkzeug-3.1.4 and urllib3-2.6.2 library which were vulnerable to CVE-2026-21860 and CVE-2026-21441 respectively
Summary Location Service for ESRI Component uses werkzeug-3.1.4 and urllib3-2.6.2 library which were vulnerable to CVE-2026-21860 and CVE-2026-21441 respectively. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is...