34926 matches found

IBM Security Bulletins
added 2025/12/29 7:28 a.m. | 5 views

Security Bulletin: Vulnerability in cipher-base affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in cipher-base has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 9.1 | AI score 6.7 | EPSS 0.00142
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2025/12/29 7:27 a.m. | 5 views

Security Bulletin: Vulnerability in sha.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in sha.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabilit...

CVSS 9.1 | AI score 4.6 | EPSS 0.0006
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 7:27 a.m. | 6 views

Security Bulletin: Vulnerability in Spring Framework MVC affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Spring Framework MVC has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 5.9 | AI score 5.4 | EPSS 0.05222
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 7:27 a.m. | 5 views

Security Bulletin: Vulnerability in Python-Future 1.0.0 module affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Python-Future 1.0.0 module has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional...

CVSS 5.4 | AI score 6.2 | EPSS 0.00094
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/12/29 7:27 a.m. | 4 views

Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...

CVSS 5.3 | AI score 4.6 | EPSS 0.00469
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2025/12/29 7:27 a.m. | 5 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 7 | AI score 6.9 | EPSS 0.00136
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/12/29 7:27 a.m. | 6 views

Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Tomcat has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 6.9 | AI score 6 | EPSS 0.00308
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 7:26 a.m. | 9 views

Security Bulletin: Vulnerability in form-data affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in form-data has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 9.4 | AI score 5.6 | EPSS 0.01319
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 7:26 a.m. | 4 views

Security Bulletin: Vulnerability in node.js affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node.js has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...

CVSS 3.4 | AI score 6.3 | EPSS 0.00036
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 7:26 a.m. | 5 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component...

CVSS 7.5 | AI score 6.2 | EPSS 0.00132
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/12/29 7:26 a.m. | 5 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component...

CVSS 7.5 | AI score 6.4 | EPSS 0.0027
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/12/29 7:26 a.m. | 4 views

Security Bulletin: Vulnerability in AIOHTTP affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in AIOHTTP has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...

CVSS 7.5 | AI score 7.7 | EPSS 0.00424
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/12/29 7:24 a.m. | 5 views

Security Bulletin: Vulnerability in ACE affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in ACE has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...

CVSS 5.9 | AI score 9.2 | EPSS 0.00067
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/12/29 7:24 a.m. | 7 views

Security Bulletin: Vulnerability in Netty affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...

CVSS 7.5 | AI score 7.1 | EPSS 0.00953
Exploits: 1 | Affected Software: 2

IBM Security Bulletins
added 2025/12/29 6:2 a.m. | 7 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling Partner Engagement Manager

Summary Multiple vulnerabilities were addressed in IBM Sterling Partner Engagement Manager versions 6.2.3.5 and 6.2.4.2. Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security...

CVSS 7.5 | AI score 8 | EPSS 0.54214
Exploits: 4 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 5:44 a.m. | 8 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "bcpkix-jdk18on-1.78.1.jar, golang.org/x/net/html v0.26.0 v0.33.0, java 17.0.13 11.0.25, github.com/docker/docker v27.3.1 v25.0.6, github.com/go-viper/mapstructure/v2, golang.org/x/net/proxy v0.33.0, github.com/ulikunitz/xz v0.5.11" which are vulnerable ...

CVSS 6.5 | AI score 5.9 | EPSS 0.002
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 5:43 a.m. | 11 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "torch-2.8.0-cp310-none-macosx110arm64.whl, starlette-0.48.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl, urllib3-1.26.19-py2.py3-none-any.whl, urllib3-1.26.20-py2.py3-none-any.whl, urllib3-2.5.0-py3-none-any.whl", which are vulnerable to...

CVSS 8.9 | AI score 7.4 | EPSS 0.00109
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 5:42 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "tomcat-embed-core-10.1.46.jar, js-yaml-4.1.0.tgz, keras-2.14.0-py3-none-any.whl, logback-core-1.5.18.jar, werkzeug-3.0.6-py3-none-any.whl" which are vulnerable to "CVE-2025-61795, CVE-2025-64718, CVE-2025-12058, CVE-2025-11226, CVE-2025-66221". This...

CVSS 6.3 | AI score 7.6 | EPSS 0.00129
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 4:20 a.m. | 6 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data.

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Insufficiently Random Values vulnerability in form-data. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently...

CVSS 9.4 | AI score 5.4 | EPSS 0.01319
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 3:30 a.m. | 7 views

Security Bulletin: IBM Edge Data Collector uses min-document-2.19.0.tgz which is vulnerable to CVE-2025-57352.

Summary IBM Edge Data Collector uses min-document-2.19.0.tgz which is vulnerable to CVE-2025-57352. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-57352 DESCRIPTION: A vulnerability exists in the 'min-document' package prior to version 2.19.0...

CVSS 5.3 | AI score 7.5 | EPSS 0.00164
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 3:29 a.m. | 7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732. This bulletin contains information addressing the vulnerability. Vulnerability Details...

CVSS 5.3 | AI score 6 | EPSS 0.00876
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 3:29 a.m. | 4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.10.0.tgz, axios-1.11.0.tgz which are vulnerable to CVE-2025-58754.

Summary IBM Maximo Application Suite - Monitor Component uses axios-1.10.0.tgz, axios-1.11.0.tgz which are vulnerable to CVE-2025-58754. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client fo...

CVSS 7.5 | AI score 6.1 | EPSS 0.00257
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 3:28 a.m. | 10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889.

Summary IBM Maximo Application Suite - Monitor Component uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber...

CVSS 3.1 | AI score 3.3 | EPSS 0.00092
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 3:27 a.m. | 6 views

Security Bulletin: IBM Edge Data Collector uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889.

Summary IBM Edge Data Collector uses brace-expansion-1.1.11.tgz which is vulnerable to CVE-2025-5889. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to...

CVSS 3.1 | AI score 3.2 | EPSS 0.00092
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/29 3:26 a.m. | 11 views

Security Bulletin: IBM Edge Data Collector uses django-4.2.25-py3-none-any.whl which is vulnerable to CVE-2025-64458, CVE-2025-64459.

Summary IBM Edge Data Collector uses django-4.2.25-py3-none-any.whl which is vulnerable to CVE-2025-64458, CVE-2025-64459. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-64458 DESCRIPTION: An issue was discovered in 5.1 before 5.1.14, 4.2...

CVSS 9.1 | AI score 7.8 | EPSS 0.00296
Exploits: 11 | Affected Software: 1

IBM Security Bulletins
added 2025/12/25 2:4 p.m. | 10 views

Security Bulletin: Authentication bypass in IBM API Connect

Summary Internal testing has revealed a potential authentication bypass in IBM API Connect Vulnerability Details CVEID:CVE-2025-13915 DESCRIPTION: IBM API Connect could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. CWE:CWE-305:...

CVSS 9.8 | AI score 7 | EPSS 0.00327
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/24 9:18 a.m. | 6 views

Security Bulletin: Vulnerability in nginx affects IBM Netezza Appliance

Summary The nginx package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE CVE-2025-23419 Vulnerability Details CVEID:CVE-2025-23419 DESCRIPTION: When multiple server blocks are configured to share the same IP address and port, an attacker can use session...

CVSS 5.3 | AI score 6.8 | EPSS 0.02857
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 4:47 p.m. | 6 views

Security Bulletin: TSSC/IMC is vulnerable to an Out-of-bounds Read

Summary TSSC/IMC is vulnerable to an Out-of-bounds Read. A patch was released to update the libssh package. Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function...

CVSS 8.1 | AI score 6.3 | EPSS 0.00178
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 4:45 p.m. | 6 views

Security Bulletin: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data

Summary TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data. A patch was released to update the bind package. Vulnerability Details CVEID:CVE-2025-40778 DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an...

CVSS 8.6 | AI score 6 | EPSS 0.00005
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 3:35 p.m. | 11 views

Security Bulletin: Multiple vulnerabilities affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition (CVE-2025-53057 and CVE-2025-53066).

Summary Due to the use of IBM® Runtime Environment Java™, CICS Transaction Gateway Desktop Edition and CICS Transaction Gateway for Multiplatforms are vulnerable to multiple vulnerabilities, CVE-2025-53057 and CVE-2025-53066. CICS Transaction Gateway for Multiplatforms and CICS Transaction Gatew...

CVSS 7.5 | AI score 6.5 | EPSS 0.00068
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2025/12/23 3:30 p.m. | 9 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Advanced (CVE-2025-53066 and CVE-2025-53057)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Advanced CVE-2025-53066 and CVE-2025-53057. An update to IBM CICS TX Advanced has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...

CVSS 7.5 | AI score 6.6 | EPSS 0.00068
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 3:27 p.m. | 5 views

Security Bulletin: Security vulnerabilities in Java SE shipped with TXSeries for Multiplatforms (CVE-2025-53066 and CVE-2025-53057)

Summary There are multiple vulnerabilities in the Java SE version shipped with TXSeries for Multiplatforms CVE-2025-53066 and CVE-2025-53057. An update to TXSeries for Multiplatforms has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An...

CVSS 7.5 | AI score 6.8 | EPSS 0.00068
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 3:23 p.m. | 15 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Standard (CVE-2025-53066 and CVE-2025-53057)

Summary There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Standard CVE-2025-53066 and CVE-2025-53057. An update to IBM CICS TX Standard has been released to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...

CVSS 7.5 | AI score 6.6 | EPSS 0.00068
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 3:22 p.m. | 4 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary There are multiple vulnerabilities in IBM® Db2® 11.5 used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.7 and earlier. Vulnerability Details CVEID:CVE-2015-8383 DESCRIPTION: PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a deni...

CVSS 9.8 | AI score 9.8 | EPSS 0.0752
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 3:5 p.m. | 9 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM® Db2® Big SQL

Summary Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime 8 affect IBM® Db2® Big SQL 7.x on Cloud Pak for Data 4.x Vulnerability Details CVEID:CVE-2023-38264 DESCRIPTION: The IBM SDK, Java Technology Edition's Object Request Broker ORB 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through...

CVSS 7.5 | AI score 8.9 | EPSS 0.00319
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 2:49 p.m. | 3 views

Security Bulletin: Multiple open source vulnerabilities affect IBM Db2 Big SQL on Cloud Pak for Data

Summary Multiple open source vulnerabilities affect IBM Db2 Big SQL 7 on Cloud Pak for Data 5 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information, caused by the failure to strip the Proxy-Authorization header...

CVSS 7.5 | AI score 7.9 | EPSS 0.02141
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 2:42 p.m. | 5 views

Security Bulletin: A vulnerability in module set-value affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in node.js open source package set-value affects IBM Db2 Big SQL 7.4.2 and earlier on Cloud Pak for Data 4.6.2 and earlier Vulnerability Details CVEID:CVE-2021-23440 DESCRIPTION: Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system,...

CVSS 9.8 | AI score 8.2 | EPSS 0.00064
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 2:37 p.m. | 5 views

Security Bulletin: Vulnerability in micromatch affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in node.js module micromatch affects IBM Db2 Big SQL 7 on Cloud Pak for Data 5 Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in...

CVSS 5.3 | AI score 7.2 | EPSS 0.00176
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/23 8:45 a.m. | 9 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for December 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF006 and 25.0.0-IF003. These vulnerabilities have been also addressed in 24.0.0-IF005. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficie...

CVSS 8.8 | AI score 8.2 | EPSS 0.21423
Exploits: 3 | Affected Software: 1

IBM Security Bulletins
added 2025/12/22 8:41 p.m. | 11 views

Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector

Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 7.0.0 Vulnerability Details CVEID:CVE-2019-10202 DESCRIPTION: A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EAP 7. This CVE fixes CVE-2017-17485,...

CVSS 9.8 | AI score 7.9 | EPSS 0.82379
Exploits: 13 | Affected Software: 1

IBM Security Bulletins
added 2025/12/22 2:10 p.m. | 9 views

Security Bulletin: IBM DataPower Gateway potentially vulnerable to library path manipulation

Summary GNU C is used by IBM DataPower Gateway as part of the Supervisor component. Vulnerability Details CVEID:CVE-2025-4802 DESCRIPTION: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared...

CVSS 7.8 | AI score 7.3 | EPSS 0.00043
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/22 1:43 p.m. | 10 views

Security Bulletin: Multiple security vulnerability fixes in IBM webMethods Managed File Transfer On-Prem

Summary Multiple vulnerabilities were addressed as part of IBM webMethods Managed File Transfer on-prem in the latest fix MAT11.1ServerFix2 Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final...

CVSS 8.2 | AI score 6.9 | EPSS 0.00953
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/12/22 11:27 a.m. | 11 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules (CVE-2025-64718, CVE-2025-64756, CVE-2025-13466 & CVE-2025-65945)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to node modules js-yaml, glob, body-parser and jws. Vulnerability Details...

CVSS 7.5 | AI score 6.8 | EPSS 0.00035
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/12/22 10:46 a.m. | 8 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition

Summary IBM Sterling Connect:Direct File Agent uses IBM Runtime Environment Java Technology Edition, Version 7 and 8. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00068
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/22 10:44 a.m. | 6 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Semeru Runtime

Summary IBM Sterling Connect:Direct File Agent uses IBM Semeru Runtime version 17. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could all...

CVSS 7.5 | AI score 6.9 | EPSS 0.00068
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/12/22 9:22 a.m. | 16 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-36154 DESCRIPTION: IBM Concert Software stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user. CWE:CWE-313: Clearte...

CVSS 9.8 | AI score 7.8 | EPSS 0.00651
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2025/12/19 9:14 p.m. | 12 views

Security Bulletin: User Entity Behavior Analytics app for IBM QRadar SIEM includes components with known vulnerabilities

Summary Components with known vulnerabilities were addressed in an IBM User Entity Behavior Analytics app release Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and...

CVSS 10 | AI score 7.8 | EPSS 0.84489
Exploits: 372 | Affected Software: 1

IBM Security Bulletins
added 2025/12/19 9:13 p.m. | 9 views

Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes components with known vulnerabilities

Summary Components with known vulnerabilities were addressed in an IBM Security QRadar Network Threat Analytics app release Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to version...

CVSS 9.1 | AI score 6.7 | EPSS 0.92118
Exploits: 55 | Affected Software: 1

IBM Security Bulletins
added 2025/12/19 9:6 p.m. | 13 views

Security Bulletin: Components with known vulnerabilities in IBM Security QRadar Analyst Workflow for IBM QRadar SIEM

Summary Multiple components with known vulnerabilities were addressed in an IBM Security QRadar Analyst Workflow for IBM QRadar SIEM release Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions...

CVSS 9.4 | AI score 7.2 | EPSS 0.92118
Exploits: 65 | Affected Software: 1

IBM Security Bulletins
added 2025/12/19 8:59 p.m. | 6 views

Security Bulletin: Security Vulnerabilities in Java affect IBM Voice Gateway

Summary Security Vulnerabilities in Java affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality...

CVSS 7.5 | AI score 6.5 | EPSS 0.00068
Exploits: 0 | Affected Software: 1

Total number of security vulnerabilities: 34926