Lucene search
K

35598 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/06 5:50 a.m.9 views

Security Bulletin: Due to the use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition is affected by affected by cross-site scripting (CVE-2025-12635).

Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is affected by cross-site scripting. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Tivol...

5.4CVSS5.7AI score0.00139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/06 5:27 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses eslint-9.17.0 in map-application which is vulnerable to CVE-2025-50537

Summary IBM Maximo Application Suite - Manage Component uses eslint-9.17.0 in map-application which is vulnerable to CVE-2025-50537. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-50537 DESCRIPTION: Stack overflow vulnerability...

5.5CVSS5.9AI score0.00163EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 6:24 p.m.8 views

Security Bulletin: InfoSphere Data Architect 9.2.1

Summary Multiple Vulnerabilites has been fixed. IBM strongly recommends addressing the vulnerability now by upgrading to release 9.2.1 Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote...

7.5CVSS6AI score0.01193EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 6:22 p.m.11 views

Security Bulletin: InfoSphere Data Architect 9.2.1

Summary Multiple Vulnerabilites has been fixed. IBM strongly recommends addressing the vulnerability now by upgrading to release 9.2.1 Vulnerability Details CVEID:CVE-2022-40609 DESCRIPTION: IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary...

9.8CVSS6.6AI score0.02474EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 6:20 p.m.8 views

Security Bulletin: IBM Data Studio client - CVE-2023-30441

Summary IBM Java versions 8.0.7.0 - 8.0.7.11 are vulnerable to crypto attacks - Has been fixed in IBM Data Studio client 4.2.0. IBM strongly recommends addressing the vulnerability now by upgrading to release 4.2.0 Vulnerability Details CVEID:CVE-2023-30441 DESCRIPTION: IBM Runtime Environment,...

7.5CVSS5.9AI score0.00609EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 5:25 p.m.7 views

Security Bulletin: Vulnerability in openssl and openssl-libs affects IBM Db2 Data Management Console .

Summary openssl and openssl-libs open source library is used by IBM Db2 Data Management Console . This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: There is a type confusion vulnerability relating to X.400 address...

7.5CVSS7.4AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 2:23 p.m.5 views

Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...

6.1CVSS5.8AI score0.00622EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 1:53 p.m.13 views

Security Bulletin: Security vulnerabilities found in the Red Hat Universal Minimal Base Image shipped with CICS Transaction Gateway for Multiplatforms

Summary Security vulnerabilities found in the Red Hat Universal Base Image Minimal shipped with CICS Transaction Gateway for Multiplatforms. This fix resolves these vulnerability CVE-2025-9230, CVE-2025-9086, CVE-2025-9230. Vulnerability Details CVEID:CVE-2025-11083 DESCRIPTION: A vulnerability h...

7.8CVSS5.5AI score0.01744EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 11:52 a.m.8 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to ant

Summary Ant is used by IBM webMethods BPM for internal build and deployment operations. Vulnerability Details CVEID:CVE-2012-2098 DESCRIPTION: Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream BZip2CompressorOutputStream in Apache Commons Compress before...

7.5CVSS7.1AI score0.12608EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 11:51 a.m.5 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to jetty-server

Summary IBM webMethods BPM uses jetty-server as a transitive dependency brought in by the WebMethods Integration Server is-server dependency. The Integration Server runtime uses Jetty internally for its web server infrastructure. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists...

6.5CVSS6AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 7:53 a.m.12 views

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in log4j-core (CVE-2025-68161)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-68161 of log4j-core-2.17.1.jar. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer...

6.3CVSS5.9AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 6:48 a.m.7 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Eclipse Jersey Race Condition (CVE-2025-12383)

Summary IBM OpenPages for Cloud Pak for Data is Vulnerable to jersey-client-3.1.9.jar. Race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In...

9.4CVSS6AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 4:55 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - IoT Component uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite - IoT Component uses "lz4-java-1.8.0.jar, werkzeug-3.1.3-py3-none-any.whl, urllib3-2.3.0-py3-none-any.whl, urllib3-2.6.0-py3-none-any.whl, urllib3-2.6.2-py3-none-any.whl, pyasn1-0.6.1.tar.gz, github.com/opencontainers/runc v1.1.13,...

8.9CVSS6.9AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 9:14 p.m.35 views

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to a partial denial of service and a JNI function returning incorrect value length due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to an unauthenticated attacker performing a partial denial of service partial DOS CVE-2024-21208, CVE-2024-21217 and JNI function GetStringUTFLength returning incorrect value length when...

5.3CVSS6.8AI score0.01157EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:44 p.m.8 views

Security Bulletin: IBM Event Processing is vulnerable to unauthorized access to hidden files and stored cross-site scripting (XSS) (CVE-2025-11965, CVE-2025-11966)

Summary IBM Event Processing is vulnerable to unauthorized access to hidden files and stored cross-site scripting XSS when using Eclipse Vert.x. Vulnerability Details CVEID:CVE-2025-11965 DESCRIPTION: In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for...

7.5CVSS5.8AI score0.00459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:38 p.m.7 views

Security Bulletin: Cross-Site Scripting (XSS) Vulnerability in serialize-javascript Due to Improper Input Sanitization affects watsonx.data

Summary A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when...

5.4CVSS5.9AI score0.01006EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:30 p.m.9 views

Security Bulletin: Source Code Exposure Vulnerability in webpack-dev-server (Fixed in Version 5.2.1) affects watsonx.data

Summary webpack-dev-server versions prior to 5.2.1 are vulnerable to source code exposure when users visit a malicious website. Due to classic script requests not being restricted by the same-origin policy, an attacker who knows the dev server port and entry script path can inject a script, acces...

6.5CVSS5.9AI score0.00427EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:28 p.m.6 views

Security Bulletin: SMTP Command Injection Vulnerability in Netty SMTP Codec (Fixed in 4.1.129.Final and 4.2.8.Final) affect IBM watsonx.data

Summary Netty versions prior to 4.1.129.Final and 4.2.8.Final contains an SMTP command injection vulnerability in its SMTP codec due to improper CRLF validation. Attackers who control SMTP parameters can inject arbitrary commands, potentially forging emails that pass SPF and DKIM checks. Upgradin...

6.9CVSS7.2AI score0.01617EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:8 p.m.16 views

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...

8.4CVSS7.1AI score0.01418EPSS
Exploits6
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 3:3 p.m.6 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty

Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-12635, CVE-2025-14914. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere...

7.6CVSS6AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 12:14 p.m.9 views

Security Bulletin: Multiple Vulnerabilities in Lenovo XCC affect IBM Cloud Pak System

Summary Multiple Vulnerabilities in Lenovo XCC affect IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System v2.3.6.1. Vulnerability Details CVEID:CVE-2023-20599 DESCRIPTION: Improper register access control in ASP may allow a privileged attacker to perform unauthorized acce...

7.9CVSS6.4AI score0.00601EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 10:31 a.m.14 views

Security Bulletin: IBM Event Streams is vulnerable to proxy bypass

Summary IBM Event Streams is vulnerable to proxy bypass due to improper handling of IPv6 zoneID CVE-2025-22870 Vulnerability Details CVEID:CVE-2025-22870 DESCRIPTION: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPRO...

4.4CVSS6AI score0.00384EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 10:31 a.m.11 views

Security Bulletin: IBM Event Streams is vulnerable to improper access control

Summary IBM Event Streams is vulnerable to improper access control leading to potential classloader access in Apache Commons BeanUtils CVE-2025-48734 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class w...

8.8CVSS6.2AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 9:48 a.m.40 views

Security Bulletin: IBM Transformation Extender Advanced is affected by a IBM WebSphere Application Server Liberty vulnerability

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to IBM WebSphere Application Server Liberty's remote code execution vulnerability CVE-2025-14914 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

7.6CVSS6.6AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 7:48 a.m.13 views

Security Bulletin: InfoSphere Data Architect (IDA) 9.2.1 Vulnerability Fixes.

Summary This is the Summary of the Vulnerabilities reported in - InfoSphere Data Architect IDA 9.2.1 Vulnerability Details CVEID:CVE-2022-38398 DESCRIPTION: Server-Side Request Forgery SSRF vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This...

9.8CVSS7.8AI score0.18763EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 6:2 a.m.13 views

Security Bulletin: Vulnerabilities in MongoDB Server might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Zlib which use by MongoDB server. Vulnerability include mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client as described by t...

8.7CVSS5.9AI score0.83007EPSS
Exploits39Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 5:50 a.m.5 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to unauthorized access

Summary IBM Event Endpoint Management is vulnerable to unauthorized access due to improper restriction of hidden directories CVE-2025-11965 Vulnerability Details CVEID:CVE-2025-11965 DESCRIPTION: In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for...

7.5CVSS5.8AI score0.00459EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 5:45 a.m.5 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service

Summary IBM Event Streams is vulnerable to a denial of service due to inefficient handling of slow SSH key exchanges CVE-2025-22869 Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients...

7.5CVSS7AI score0.00868EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 5:44 a.m.7 views

Security Bulletin: IBM Event Streams is vulnerable to unintended response header modification

Summary IBM Event Streams is vulnerable to unintended response header modification due to a flaw in the on-headers module CVE-2025-7339 Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers...

3.4CVSS5.9AI score0.00174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 5:42 a.m.10 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service

Summary IBM Event Streams is vulnerable to a denial of service due to excessive regular expression complexity in brace‑expansion CVE-2025-5889 Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has be...

3.1CVSS5.2AI score0.00459EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 5:38 a.m.6 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service

Summary IBM Event Streams is vulnerable to a denial of service due to non‑linear parsing of malicious input. CVE-2024-45338 Vulnerability Details CVEID:CVE-2024-45338 DESCRIPTION: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length...

5.3CVSS6AI score0.00856EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 5:36 a.m.5 views

Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9

Summary Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9. Vulnerability Details CVEID:CVE-2021-44716 DESCRIPTION: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header...

7.5CVSS6AI score0.03958EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/04 1:4 a.m.8 views

Security Bulletin: Multiple security vulnerabilities has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI - January 2026 CPU and CVE-2026-1188

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about security vulnerabilities affecting WAS has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...

9.8CVSS5.8AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 9:57 p.m.4 views

Security Bulletin: A vulnerability in JavaScript qs package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in JavaScript qs package affect IBM® Db2® Big SQL 8.3 on IBM Cloud Pak for Data 5.3 and earlier. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. Summary The...

6.3CVSS6AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 4:33 p.m.6 views

Security Bulletin: IBM Maximo Application suite Visual Inspection Component uses werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860.

Summary IBM Maximo Application suite Visual Inspection Component uses werkzeug-3.1.4-py3-none-any.whl which is vulnerable to CVE-2026-21860. This Bulletine contains information about vulnerability and it's remediation. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a...

6.3CVSS5.9AI score0.00424EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 3:45 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution (CVE-2025-13465, CVE-2025-61140) and denial of service (CVE-2025-15284)

Summary Node.js modules lodash, qs and jsonpath are used by IBM App Connect Enterprise Certified Container. All IBM App Connect Enterprise Certified Container operands are vulnerable to arbitrary code execution CVE-2025-13465, CVE-2025-61140 and denial of service CVE-2025-15284. This bulletin...

9.8CVSS6.5AI score0.01535EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 3:41 p.m.14 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.21 LTS and 12.21.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

9.8CVSS6.7AI score0.47621EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 3:34 p.m.5 views

Security Bulletin: EDB PostgreSQL - CVE-2023-39417

Summary An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack...

8.8CVSS6.2AI score0.01572EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 3:14 p.m.6 views

Security Bulletin: IBM Maximo Application suite Visual Inspection Component uses pytorch v2.8.0 which is vulnerable to multiple CVEs CVE-2025-55552, CVE-2025-55551, CVE-2025-3001.

Summary IBM Maximo Application suite Visual Inspection Component uses pytorch v2.8.0 which is vulnerable to multiple CVEs CVE-2025-55552, CVE-2025-55551, CVE-2025-3001.This Bulletine contains information of the vulerable product version and it's remediation. Vulnerability Details...

7.5CVSS5.3AI score0.00391EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 1:53 p.m.15 views

Security Bulletin: IBM Instana Observability has addressed Multiple Vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.313 Vulnerability Details CVEID:CVE-2025-5318 DESCRIPTION: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered ...

8.6CVSS6AI score0.02394EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 10:9 a.m.8 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service and a possible information leak due to LZ4 compression

Summary LZ4 compression for Java in Logstash is used by IBM Operations Analytics - Log Analysis as part of the fast, lightweight compression to reduce storage size. CVE-2025-12183, CVE-2025-66566. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in...

8.8CVSS6.1AI score0.00647EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 9:13 a.m.6 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to CVE-2025-13466 in body-parser

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to denial of service due to CVE-2025-13466 in body-parser. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-13466 DESCRIPTION: body-parser 2.2.0 is vulnerable to denial of...

6.9CVSS5.8AI score0.00342EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 7:23 a.m.15 views

Security Bulletin: Multiple Vulnerabilities in IBM DevOps Build.

Summary Multiple vulnerabilities were addressed in IBM DevOps Build 7.1.0.2. Vulnerability Details CVEID:CVE-2025-52434 DESCRIPTION: Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability in Apache Tomcat when using the APR/Native connector. This w...

9.8CVSS6.6AI score0.81147EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 6:49 a.m.7 views

Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014_x86_64, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any.

Summary Security Bulletin: IBM Maximo Application Suite uses pyasn1-0.6.1, protobuf-6.33.4-cp39-abi3-manylinux2014x8664, urllib3-2.5.0-py3-none-any, database/sql 1.24.4 and weasyprint-67.0-py3-none-any which is vulnerable to CVE-2026-23490, CVE-2026-0994, CVE-2025-66418, CVE-2025-66471,...

8.9CVSS6AI score0.00679EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 4:14 a.m.5 views

Security Bulletin: There is a vulnerability in urllib3-2.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21441)

Summary There is a vulnerability in urllib3-2.6.2-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient...

8.9CVSS6AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 4:13 a.m.5 views

Security Bulletin: There is a vulnerability in netty-codec-http-4.1.126.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite ( CVE-2025-67735)

Summary There is a vulnerability in netty-codec-http-4.1.126.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

6.5CVSS5.9AI score0.00292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 4:12 a.m.5 views

Security Bulletin: There is a vulnerability in werkzeug-3.1.4-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-21860)

Summary There is a vulnerability in werkzeug-3.1.4-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin...

6.3CVSS5.9AI score0.00424EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 4:11 a.m.8 views

Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-1002)

Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the...

6.9CVSS5.9AI score0.00343EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/03 12:44 a.m.34 views

Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary DS8900F and DS8A00 updates have been released to remediate following vulnerabilities: Linux vulnerabilities in libraries such as bzip2, nghttp2, libxml2, unbound, libsoup, pam, sudo, java, openssh, glib2, expat, httpd, and linux-firmware. Safe Guarded Copy vulnerability within the...

9.8CVSS7.8AI score0.8496EPSS
Exploits2Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/02 11:3 p.m.10 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Management GUI and/or BDA are now included.

Summary The following vulnerabilities that can affect IBM Storage Scale Management GUI and/or BDA and could provide weaker than expected security are now fixed., GUI: CVE-2025-59057, CVE-2025-68161, BDA: CVE-2025-66566, CVE-2024-6485, CVE-2025-12183, CVE-2025-67735 Vulnerability Details...

8.8CVSS6.4AI score0.00743EPSS
Exploits2Affected Software1
Total number of security vulnerabilities35598