Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:44 p.m.4 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Buffer Overflow in Eclipse [ CVE-2026-1188]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Buffer Overflow in Eclipse, due to an Incorrect Calculation of Buffer Size in the Eclipse OMR port library component CVE-2026-1188. Eclipse is used in our java microservices. This vulnerabilitiy has been addressed. Please read the...

9.8CVSS6.2AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:43 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in QOS.CH logback-core [CVE-2026-1225]

Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Input Validation in logback-core, caused by an ACE vulnerability in configuration file processing that allows an attacker to instantiate classes already present on the class path by compromising an existing logback configurati...

1.8CVSS5.9AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:42 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Werkzeug [CVE-2026-21860]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in Werkzeug, due to an Improper Handling of Windows Device Names CVE-2026-21860. Werkzeug is used in our service runtimes. This vulnerabilitiy has been addressed. Please read the details for remediation below...

6.3CVSS5.9AI score0.00424EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:40 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Time-of-Check to Time-of-Use in virtualenv [CVE-2026-22702]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Time-of-Check to Time-of-Use in virtualenv, caused by flaws which allow local attackers to perform symlink-based attacks on directory creation operations. CVE-2026-22702. virtualenv is used in our java microservices. This...

4.5CVSS5.9AI score0.00085EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:40 p.m.5 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a Data Amplification in urllib3 [ CVE-2026-21441]

Summary IBM Watson Speech Services Cartridge is vulnerable to a Data Amplification in urllib3, due to a flaw that library reads the entire response body to drain the connection and decompress the content unnecessarily, rather than decompressing only the necessary bytes as expected CVE-2026-21441...

8.9CVSS5.9AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:38 p.m.6 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Open Redirect and Denial of Service in urllib3 [CVE-2025-50181, CVE-2025-66418, CVE-2025-66471]

Summary IBM Watson Speech Services Cartridge is vulnerable to Open Redirect and Denial of Service due to umltiple issues in urllib3 CVE-2025-50181, CVE-2025-66418, CVE-2025-66471. urllib3 is used in our service runtimes. This vulnerabilitiy has been addressed. Please read the details for...

8.9CVSS7.1AI score0.00633EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:34 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a template injection vulnerability in LangChain [CVE-2025-65106]

Summary BM Watson Speech Services Cartridge is vulnerable to a template injection vulnerability in LangChain, due to a defect existing in LangChain's prompt template system that allows attackers to access Python object internals through template syntax CVE-2025-65106. LangChain is used in our...

8.3CVSS5.9AI score0.00466EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:33 p.m.12 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a directory traversal, security bypass, and D.O.S. in Apache Tomcat (CVE-2025-55752, CVE-2025-55754, CVE-2025-61795)

Summary IBM Watson Speech Services Cartridge is vulnerable to a directory traversal, security bypass, and D.O.S. in Apache Tomcat, due to issues with 'tomcat-embed-core-10.1.44.jar' and 'tomcat-juli-10.1.44.jar'packagesCVE-2025-55752, CVE-2025-55754, CVE-2025-61795. Apache Tomcat is used in our...

9.6CVSS6.1AI score0.66535EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:16 p.m.8 views

Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub

Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1 Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content...

8.9CVSS7.2AI score0.02667EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 2:33 p.m.11 views

Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-12635)

Summary A cross-site scripting vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality CVE-2025-12635 Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server...

5.4CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 12:43 p.m.10 views

Security Bulletin: IBM IBM Edge Data Collector uses azure_core-1.14.0-py2.py3-none-any.whl which is vulnerable to CVE-2026-21226.

Summary IBM IBM Edge Data Collector uses azurecore-1.14.0-py2.py3-none-any.whl which is vulnerable to CVE-2026-21226. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-21226 DESCRIPTION: Deserialization of untrusted data in Azure Core shared...

7.5CVSS6.1AI score0.00776EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 12:41 p.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses filelock-3.20.1-py3-none-any.whl, filelock-3.20.2-py3-none-any.whl which is vulnerable to CVE-2026-22701.

Summary IBM Maximo Application Suite - Monitor Component uses filelock-3.20.1-py3-none-any.whl, filelock-3.20.2-py3-none-any.whl which is vulnerable to CVE-2026-22701. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-22701 DESCRIPTION: filelock...

6.5CVSS6AI score0.00184EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:53 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.1.tar.gz which is vulnerable to CVE-2026-23490.

Summary IBM Maximo Application Suite - Monitor Component uses pyasn1-0.6.1.tar.gz which is vulnerable to CVE-2026-23490. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior to...

7.5CVSS5.8AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:53 a.m.12 views

Security Bulletin: IBM Edge Data Collector uses pyasn1-0.6.1.tar.gz which is vulnerable to CVE-2026-23490.

Summary IBM Edge Data Collector uses pyasn1-0.6.1.tar.gz which is vulnerable to CVE-2026-23490. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Servic...

7.5CVSS5.8AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:52 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735.

Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven...

6.5CVSS5.9AI score0.00292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:44 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161.

Summary IBM Maximo Application Suite - Monitor Component uses log4j-core-2.25.1.jar which is vulnerable to CVE-2025-68161. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions...

6.3CVSS5.9AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:42 a.m.8 views

Security Bulletin: IBM Edge Data Collector uses urllib3-2.6.1-py3-none-any.whl which is vulnerable to CVE-2026-21441.

Summary IBM Edge Data Collector uses urllib3-2.6.1-py3-none-any.whl which is vulnerable to CVE-2026-21441. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API...

8.9CVSS6AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:41 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl, urllib3-2.6.1-py3-none-any.whl, urllib3-2.6.2-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471, CVE-2026-21441.

Summary IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl, urllib3-2.6.1-py3-none-any.whl, urllib3-2.6.2-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471, CVE-2026-21441. This bulletin contains information addressing the vulnerability...

8.9CVSS6.1AI score0.02667EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:40 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses werkzeug-3.1.1-py3-none-any.whl, werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221, CVE-2026-21860.

Summary IBM Maximo Application Suite - Monitor Component uses werkzeug-3.1.1-py3-none-any.whl, werkzeug-3.1.3-py3-none-any.whl which is vulnerable to CVE-2025-66221, CVE-2026-21860. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-66221...

6.3CVSS5.9AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:40 a.m.5 views

Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerablity (CVE-2025-12635)

Summary IBM MQ Appliance has addressed a cross-site scripting vulnerability. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improp...

5.4CVSS5.8AI score0.00139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:39 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284.

Summary IBM Maximo Application Suite - Monitor Component uses qs-6.13.0.tgz, qs-6.14.0.tgz which is vulnerable to CVE-2025-15284. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs...

6.3CVSS5.9AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:37 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.53.0-py3-none-any.whl which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.53.0-py3-none-any.whl which is vulnerable to CVE-2025-14920, CVE-2025-14921, CVE-2025-14926, CVE-2025-14927, CVE-2025-14924, CVE-2025-14928, CVE-2025-14929, CVE-2025-14930. This bulletin contains information addressing t...

7.8CVSS6.3AI score0.00315EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:36 a.m.10 views

Security Bulletin: IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160.

Summary IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-58160 DESCRIPTION: tracing is a framework for instrumenting Rust programs to collect...

2.3CVSS5.9AI score0.00303EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:35 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tornado-6.5-cp39-abi3-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2025-67724, CVE-2025-67725, CVE-2025-67726.

Summary IBM Maximo Application Suite - Monitor Component uses tornado-6.5-cp39-abi3-manylinux25x8664.manylinux1x8664.manylinux217x8664.manylinux2014x8664.whl which is vulnerable to CVE-2025-67724, CVE-2025-67725, CVE-2025-67726. This bulletin contains information addressing the vulnerability...

7.5CVSS5.8AI score0.00396EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 9:44 a.m.10 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "org.apache.cxfcxf-core 3.6.7, io.nettynetty-codec-http 4.1.124.Final , github.com/golang-jwt/jwt/v4 v4.5.0" which are vulnerable to "CVE-2025-48913, CVE-2025-58056, CVE-2024-51744". This bulletin contains information regarding the vulnerabilities and how...

9.8CVSS7AI score0.00739EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 3:34 a.m.10 views

Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (February 2026)

Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2025-69277 DESCRIPTION: libsodium before ad3004e, in atypical use cases...

8.9CVSS6AI score0.00633EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 7:30 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in commons-text-1.3.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in commons-text-1.3.jar Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the...

9.8CVSS6.1AI score0.00919EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 7:0 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in urllib3-1.26.20-py2.py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in urllib3-1.26.20-py2.py3-none-any.whl Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by...

8.9CVSS5.7AI score0.00633EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 7:0 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in qs-6.13.0.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in qs-6.13.0.tgz Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. SummaryThe arrayLimit option in qs does not enforce...

6.3CVSS5.5AI score0.0041EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 6:59 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in js-yaml-4.1.0.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in js-yaml-4.1.0.tgz Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of ...

5.3CVSS5.6AI score0.00378EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 6:58 p.m.5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.3-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safejoin function allows path segments with...

6.3CVSS5.4AI score0.00474EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 6:57 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Cognos Command Center

Summary Multiple vulnerabilities were addressed in IBM Cognos Command Center 10.2.5 FP1 IF3 Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause a hang or...

9.8CVSS6.2AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 6:56 p.m.7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in aws-sdk-s3-1.199.0.gem

Summary IBM Watson Discovery Cartridge affected by vulnerability in aws-sdk-s3-1.199.0.gem Vulnerability Details CVEID:CVE-2025-14762 DESCRIPTION: Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts ...

6CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 5:29 p.m.14 views

Security Bulletin: IBM MQ Appliance is affected by an authority vulnerability (CVE-2026-1713)

Summary IBM MQ Appliance has addressed an authority vulnerability. Vulnerability Details CVEID:CVE-2026-1713 DESCRIPTION: IBM MQ is affected by an authority vulnerability allowing users access to SYSTEM.AUTH.DATA.QUEUE. CWE:CWE-305: Authentication Bypass by Primary Weakness CVSS Source: IBM CVSS...

5.5CVSS5.5AI score0.00114EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 4:52 p.m.7 views

Security Bulletin: IBM MQ Appliance is affected by Linux kernel vulnerabilities (CVE-2025-39971 and CVE-2025-39955)

Summary IBM MQ Appliance has addressed multiple Linux kernel vulnerabilities. Vulnerability Details CVEID:CVE-2025-39971 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized...

7.8CVSS5.2AI score0.00193EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 4:52 p.m.7 views

Security Bulletin: IBM MQ Appliance uses weaker than expected cryptographic algorithms (CVE-2025-14456)

Summary IBM MQ Appliance has addressed use of weaker than expected cryptographic algorithms. Vulnerability Details CVEID:CVE-2025-14456 DESCRIPTION: IBM MQ Appliance uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. CWE:CWE-32...

5.9CVSS5.5AI score0.0017EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 4:45 p.m.15 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK (CVE-2026-21945,CVE-2026-21932,CVE-2026-21933 & CVE-2026-21925))

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows...

7.5CVSS5.8AI score0.00864EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 12:54 p.m.10 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP14 IF05 Vulnerability Details CVEID:CVE-2025-68615 DESCRIPTION: net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-sn...

9.8CVSS5.9AI score0.4269EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 12:31 p.m.5 views

Security Bulletin: IBM DevOps Plan is vulnerable to Excessive Authentication Attempts ( CVE-2025-36363)

Summary IBM DevOps Plan is vulnerable to brute force attack due to improper restriction of excessive authentication attempts. Vulnerability Details CVEID:CVE-2025-36363 DESCRIPTION: IBM DevOps Plan uses an inadequate account lockout setting that could allow a remote attacker to brute force accoun...

7.5CVSS5.5AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 12:22 p.m.8 views

Security Bulletin: IBM DevOps Plan REST APIs are vulnerable to exposure of sensitive data through request query parameters. (CVE-2025-36364)

Summary A vulnerability has been identified in IBM DevOps Plan REST APIs where sensitive data is transmitted via request query parameters. Vulnerability Details CVEID:CVE-2025-36364 DESCRIPTION: IBM DevOps Plan allows web page cache to be stored locally which can be read by another user on the...

6.2CVSS5.3AI score0.00108EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 12:14 p.m.8 views

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a denial of service due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by a denial of service due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

7.5CVSS5.4AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 12:13 p.m.7 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2024-29371)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS5.4AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 11:10 a.m.6 views

Security Bulletin: A vulnerability in Java affects IBM License Metric Tool v9 (CVE-2026-1188).

Summary A vulnerability in Java component used by IBM License Metric Tool have been remediated. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was...

9.8CVSS6AI score0.00491EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 10:4 a.m.13 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.1 Vulnerability Details CVEID:CVE-2025-11965 DESCRIPTION: In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, a StaticHandler configuration for restricting access to hidd...

8.6CVSS6AI score0.03026EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 9:40 a.m.10 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for February 2026

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 IF002 Vulnerability Details CVEID:CVE-2026-1225 DESCRIPTION: ACE vulnerability in configuration file processing by QOS.CH logback-core up to a...

8.7CVSS6.6AI score0.00613EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 4:30 a.m.9 views

Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities

Summary Multiple security vulnerabilities in the dependent components have been addressed in the latest update to IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2025-39697 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updati...

9.1CVSS7AI score0.09353EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 3:23 a.m.9 views

Security Bulletin: Multiple Vulnerabilities in IBM Tivoli Netcool/OMNIbus_GUI (CVE-2019-17570, CVE-2025-64775)

Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool/OMNIbusGUI 8.1.0 Fix Pack 40. Vulnerability Details CVEID:CVE-2025-64775 DESCRIPTION: Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache...

9.8CVSS6.2AI score0.49285EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 3:4 a.m.10 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the...

9.8CVSS6.7AI score0.03026EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 1:5 a.m.11 views

Security Bulletin: Investigation Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2025-66221 DESCRIPTION: Werkzeu...

8.7CVSS6.1AI score0.00487EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 12:36 a.m.12 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows

Summary There are multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows. All platforms are affected, and all previous versions may also be affected. Vulnerability Details CVEID:CVE-2024-3933 DESCRIPTION: In Eclipse OpenJ9 release versions prior to 0.44...

9.8CVSS7.6AI score0.01827EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608