Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-36154 DESCRIPTION: IBM Concert Software stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user. CWE:CWE-313: Clearte...
Security Bulletin: User Entity Behavior Analytics app for IBM QRadar SIEM includes components with known vulnerabilities
Summary Components with known vulnerabilities were addressed in an IBM User Entity Behavior Analytics app release Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and...
Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes components with known vulnerabilities
Summary Components with known vulnerabilities were addressed in an IBM Security QRadar Network Threat Analytics app release Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to version...
Security Bulletin: Components with known vulnerabilities in IBM Security QRadar Analyst Workflow for IBM QRadar SIEM
Summary Multiple components with known vulnerabilities were addressed in an IBM Security QRadar Analyst Workflow for IBM QRadar SIEM release Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions...
Security Bulletin: Security Vulnerabilities in Java affect IBM Voice Gateway
Summary Security Vulnerabilities in Java affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality...
Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion
Summary Multiple vulnerabilities affecting IBM Fusion and IBM Fusion HCI could have resulted in reduced security. These issues have since been resolved. CVE-2025-7969, CVE-2025-66221, CVE-2025-65945, CVE-2025-6493, CVE-2025-64756, CVE-2025-64118, CVE-2025-62727, CVE-2025-59952, CVE-2025-5889,...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Validation of Syntactic Correctness of Input in Golang (CVE-2025-22868)
Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2025-22868 Vulnerability Details CVEID:CVE-2025-22868 DESCRIPTION: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CWE:CWE-1286: Improper Validation of Syntactic Correctness o...
Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in Golang (CVE-2024-45336)
Summary Golang is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2024-45336 Vulnerability Details CVEID:CVE-2024-45336 DESCRIPTION: The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an...
Security Bulletin: IBM Storage Ceph is vulnerable to a Rogue Session Attack and Rogue Extension Negotiation in python-asyncssh (CVE-2023-46446, CVE-2023-46445)
Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-46446, CVE-2023-46445 Vulnerability Details CVEID:CVE-2023-46446 DESCRIPTION: An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Validation of Integrity Check Value in python-asyncssh (CVE-2023-48795)
Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-48795 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...
Security Bulletin: IBM Storage Ceph is vulnerable to CWE in Golang (CVE-2023-39325)
Summary Golang is used by IBM Storage Ceph in Grafana. CVE-2023-39325 Vulnerability Details CVEID:CVE-2023-39325 DESCRIPTION: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is...
Security Bulletin: IBM Storage Ceph is vulnerable to Asymmetric Resource Consumption in Golang Go (CVE-2025-30204)
Summary Golang Go is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2025-30204 Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service and loss of integrity [CVE-2025-12816, CVE-2025-66030, CVE-2025-66031]
Summary Node.js module node-forge is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service and loss of integrity. This bulletin provides patch information to...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service and loss of confidentiality due to several findings in Golang binaries
Summary IBM App Connect Enterprise Certified Container contains several Golang-based binaries. IBM App Connect Enterprise Certified Container operator and operands are vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported...
Security Bulletin: Arbitrary Code Execution in Keras
Summary Keras is used by many machine learning frameworks and applications as part of their deep learning infrastructure. Remote attackers can execute arbitrary code, leading to full system compromise, data breaches, and potential lateral movement where the identified vulnerability is present...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository due to April and October 2025 CPUs
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, used by WebSphere Service Registry and Repository. These issues were disclosed as part of the IBM Java SDK updates in April and October 2025. These issues are also addressed by WebSphere Application Server shipped with...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Neutralization of Input Terminators due to Jakarta Mail (CVE-2025-7962)
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Neutralization of Input Terminators due to Jakarta Mail. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to json-20190722.jar
Summary IBM webMethods BPM uses json-20190722.jar for reading and parsing of JSON data. Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Incomplete Filtering of One or More Instances of Special Elements due to node module validator (CVE-2025-12758)
Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to Incomplete Filtering of One or More Instances of Special Elements due to node module validator. Vulnerability Details...
Security Bulletin: IBM i is affected by a cross-site scripting vulnerability in Navigator for i [CVE-2024-47875]
Summary Navigator for IBM i is vulnerable to cross-site scripting when using the browser editor CVE-2024-47875 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2024-47875 DESCRIPTION: DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, Math...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14.2 Vulnerability Details CVEID:CVE-2025-36228 DESCRIPTION: IBM Aspera Faspex 5 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled,...
Security Bulletin: MANTA Automated Data Lineage for IBM Cloud Pak for Data is vulnerable to Critical Security Vulnerability in React Server Components CVE-2025-55182
Summary MANTA Automated Data Lineage for IBM Cloud Pak for Data is affected by React Server Components CVE-2025-55182. Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Handling of Syntactically Invalid Structure in Grafana (CVE-2025-22865)
Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2025-22865 Vulnerability Details CVEID:CVE-2025-22865 DESCRIPTION: Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key i...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Input Validation in Ceph (CVE-2024-47866)
Summary Ceph RGW is used by IBM Storage in RGW as part of storage. CVE-2024-47866 This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details CVEID:CVE-2024-47866 DESCRIPTION: Ceph is a distributed object, block, and file storage platform. In versions up...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Privilege Management in Grafana (CVE-2024-1442)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-1442 Vulnerability Details CVEID:CVE-2024-1442 DESCRIPTION: A user with the permissions to create a data source can use Grafana API to...
Security Bulletin: IBM App Connect for Manufacturing is vulnerable to Allocation of Resources Without Limits or Throttling due to Bouncy Castle (CVE-2025-8916)
Summary IBM App Connect for Manufacturing is vulnerable to Allocation of Resources Without Limits or Throttling due to Bouncy Castle. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Ja...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.3.0 Vulnerability Details CVEID:CVE-2025-12735 DESCRIPTION: The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined...
Security Bulletin: Security vulnerabilities have been found in IBM Library Support for Spring 2.7.29 and 3.2.17 (CVE-2025-41253, CVE-2025-41254)
Summary IBM Library Support for Spring has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2025-41254 DESCRIPTION: STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Product...
Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-37891]
Summary The urllib3 package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-37891 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information...
Security Bulletin: Due to the use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition is affected by an SMTP injection vulnerability caused by Jakarta Mail (CVE-2025-7962)
Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is affected by an SMTP injection vulnerability caused by Jakarta Mail. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.12.0 Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty...
Security Bulletin: IBM Rhapsody Systems Engineering is using next-15.4.7.tgz which is vulnerable to CVE-2025-55182
Summary A security vulnerability was identified in the Next.js package used in IBM Rhapsody Systems Engineering. The issue is resolved by updating to a non-vulnerable patched version to ensure the continued security and reliability of the product. Vulnerability Details CVEID:CVE-2025-55182...
Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-47913, CVE-2022-25927, CVE-2025-6493, CWE-400, CWE-1333, CVE-2025-14687)
Summary Multiple vulnerabilities fixed with Db2 Intelligence Center 1.1.3. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. CVSS Source: CISA ADP CVSS Base...
Security Bulletin: Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager (FNCM) component Content Search Services (CSS) / Enterprise Content Management Text Search (ECMTS)
Summary Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager FNCM component Content Search Services CSS / Enterprise Content Management Text Search ECMTS Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM Edge Data Collector uses next-15.5.5.tgz which is vulnerable to CVE-2025-55182.
Summary IBM Edge Data Collector uses next-15.5.5.tgz which is vulnerable to CVE-2025-55182. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server...
Security Bulletin: Multiple components with known vulnerabilities in IBM QRadar SIEM
Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM version 7.5.0 UP14 IF03 Vulnerability Details CVEID:CVE-2025-39718 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put...
Security Bulletin: IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO (CVE-2024-47554)
Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: Vulnerability in requests affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-35195]
Summary The requests package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-35195 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2021-3572...
Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM Enterprise Application Service for Java (CVE-2025-7962)
Summary IBM Enterprise Application Service for Java is affected by a vulnerability in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separa...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper input validation in logback-core [CVE-2025-11226]
Summary IBM Watson Speech Services Cartridge is vulnerable to improper input validation, due to an issue with conditional configuration file processing in logback-core CVE-2025-11226. Logback-core is used in our Java microservices. This vulnerability has been addressed. Please read the details f...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Bouncy Castle [CVE-2025-12194]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Bouncy Castle, due to an issue in Java LTS bcprov-lts8on on All API modules that allows Excessive Allocation. CVE-2025-12194. Bouncy Castle is used in our service runtimes. This vulnerability ha...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future [CVE-2025-50817]
Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future, due to the unintended import of a file named test.py. CVE-2025-50817. Python-Future is used in our service runtimes. This vulnerability has been addressed. Please read the details for...