35608 matches found
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary IBM Security Guardium has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT Kerberos 5 aka krb5 could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request...
Security Bulletin: IBM Terracotta is affected by two Undertow vulnerabilities that could allow remote denial of service attacks and Host header manipulation leading to cache poisoning or session hijacking
Summary IBM Terracotta uses Undertow as the web server for hosting the Terracotta Management Service TMS. Vulnerability Details CVEID:CVE-2024-3884 DESCRIPTION: A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-2.13.1-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-2.13.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-9906 DESCRIPTION: The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially craft...
Security Bulletin: IBM Db2 used by IBM Security Verify Governance has multiple vulnerabilities
Summary IBM Security Verify Governance ISVG, now re-branded as IBM Verify Identity Governance IVIG, uses IBM Db2 database. Information about security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime (CVE-2026-21945,CVE-2026-21932,CVE-2026-21933, CVE-2026-21925 & CVE-2026-1188))
Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for January 2026.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF006. These vulnerabilities have been also adressed in 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details CVEID:CVE-2018-5711 DESCRIPTION: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP...
Security Bulletin: IBM Aspera faspio Gateway 1.3.7 has addressed a vulnerability affected by weak cryptographic algorithms
Summary Aspera faspio Gateway uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information Vulnerability Details CVEID:CVE-2025-14480 DESCRIPTION: Aspera faspio Gateway uses weaker than expected cryptographic algorithms that could allow an...
Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting and cross-site request forgery due to Angular [CVE-2025-66412, CVE-2026-22610, CVE-2025-66035]
Summary The IBM Db2 Mirror for i GUI uses the Angular web framework. The version of Angular used by IBM Db2 Mirror for i is vulnerable to cross-site scripting and cross-site request forgery as described in the vulnerability details section. IBM has addressed the vulnerabilities for IBM Db2 Mirror...
Security Bulletin: IBM i is affected by Cross-Site Request Forgery and Cross-Site Scripting in Digital Certificate Manager and Navigator for i [CVE-2025-66035, CVE-2025-66412, CVE-2026-22610]
Summary IBM i Digital Certificate Manager DCM and Navigator for i are vulnerable to Cross-Site Request Forgery XSRF token leakage via protocol-relative URLs in angular HTTP clients CVE-2025-66035 and Cross-Site Scripting XSS via the compiler's internal security schema being incomplete...
Security Bulletin: Vulnerability in Apache Commons IO (CVE-2024-47554) affects IBM WebSphere Service Registry and Repository.
Summary An Uncontrolled Resource Consumption vulnerability in Apache Commons IO CVE-2024-47554 affects IBM WebSphere Service Registry and Repository. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: A security vulnerability have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2025-13333]
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Watson Machine Learning Accelerator for IBM Cloud Pak for Data is affected by multiple vulnerabilities.
Summary Multiple vulnerabilities were addressed in IBM Watson Machine Learning Accelerator for IBM Cloud Pak for Data. Follow the instructions in this document to address them. Vulnerability Details CVEID:CVE-2021-38291 DESCRIPTION: FFmpeg version git commit de8e6e67e7523e48bb27ac224a0b446df05e16...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server
Summary IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletins Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Remote Server, could provide weaker than expected security (CVE-2025-13333)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability (CVE-2026-1567)
Summary An XML external entity injection XXE vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-1567 DESCRIPTION: An XML External Entity XXE vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive informati...
Security Bulletin: IBM Database Operator for FoundationDB is affected by zlib vulnerability (CVE-2018-25032)
Summary Foundation DB will ship an updated zlib to address this CVE. Though zlib is used for internal communication and vulnerability dislcoed here does not impact Foundation DB. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM Enterprise Application Service for Java is affected by a cross-site scripting vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-12635)
Summary IBM Enterprise Application Service for Java is affected by a vulnerability in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12...
Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 8 vulnerabilities
Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology Edition, Version 8 and is affected by multiple vulnerabilities CVE-2026-21945, CVE-2026-21932, CVE-2026-21933 and CVE-2026-21925. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to insufficient validation in data query logic (CVE-2025-36427)
Summary IBM® Db2® is vulnerable to a denial of service due to insufficient validation in data query logic Vulnerability Details CVEID:CVE-2025-36427 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user to cause a denial of service due to insufficient...
Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to ISC BIND (CVE-2025-40778, CVE-2025-40780, CVE-2025-8677)
Summary Vulnerabilities in ISC BIND could allow an attacker to inject forged data into the cache CVE-2025-40778, predict the source port and query ID that BIND will use CVE-2025-40780, or cause CPU exhaustion CVE-2025-8677. AIX uses ISC BIND as as part of its DNS functions. Vulnerability Details...
Security Bulletin: IBM® Db2® Federated server is vulnerable to a denial of service with a specially crafted query (CVE-2025-36424)
Summary IBM® Db2® Federated server could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36424 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a us...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-13333)
Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server and, in turn, by IBM Rational ClearQuest.
Summary IBM HTTP Server is utilized by IBM WebSphere Application Server, which in turn is used by the IBM Rational ClearQuest server. Details regarding security vulnerabilities impacting IBM HTTP Server have been released in an official security bulletin. Vulnerability Details Refer to the securi...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-36099)
Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-33142)
Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-7962)
Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-12635)
Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-48976)
Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow traditional - CVE-2025-46392
Summary IBM Business Automation Workflow embedded Navigator packages a vulnerable version of Apache commons-configuration. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...
Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector
Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 7.1.0 Vulnerability Details CVEID:CVE-2025-12194 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion...
Security Bulletin: IBM i is affected by denial of service vulnerabilities in Db2 JSON Store Technology Preview [CVE-2025-66453]
Summary Db2 for IBM i JSON Store Technology Preview is vulnerable to a denial of service when using the toFixed function CVE-2025-66453 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript...
Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.
Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 and CVE-2026-1188 Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to...
Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-470...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service
Summary IBM Event Streams is vulnerable to a denial of service due to improper buffer release in quarkus-resteasy. CVE-2025-1634 Vulnerability Details CVEID:CVE-2025-1634 DESCRIPTION: A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional which could provide weaker than expected security.
Summary The security issue described in CVE-2025-13333 has been identified in the WebSphere Application Server traditional included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...
Security Bulletin: IBM Event Streams is vulnerable to an OutOfMemoryError (CVE-2025-1948)
Summary IBM Event Streams is vulnerable to an OutOfMemoryError due to uncontrolled memory allocation in Jetty HTTP/2. Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 setting...
Security Bulletin: IBM Event Endpoint Management is vulnerable to information disclosure (CVE-2025-68429)
Summary IBM Event Endpoint Management may be vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2025-68429 DESCRIPTION: Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior t...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.(CVE-2025-36407)
Summary IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36407 DESCRIPTION: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using certain functions in a query (CVE-2025-36366)
Summary IBM® Db2® could allow a user to cause a denial of service by executing a query that invokes the JSONObject scalar function, which may trigger an unhandled exception leading to abnormal server termination. Vulnerability Details CVEID:CVE-2025-36366 DESCRIPTION: IBM Db2 for Linux, UNIX and...
Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Critical XXE in Apache Tika (CVE-2025-54988)
Summary IBM OpenPages for Cloud Pak for Data is Vulnerable to Apache Tika 1.13 through and including 3.2.1 on all platforms . These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 throu...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2025-13333)
Summary IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and could provide weaker than expected security. Required fixes for affected WebSphere Application Server has been published in the security bulletin links below. Vulnerability Details Refer to th...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to kafka-clients
Summary IBM webMethods BPM uses kafka-clients.jar which is pulled in automatically as a dependency of webmethods event streaming library, Kafka-clients.jar provides Apache Kafka client APIs for producing and consuming messages. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: A security...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to bc-fips
Summary IBM webMethods BPM uses bc-fips which is pulled in by webMethods Integration Server core for FIPS-compliant cryptographic operations. The BPM Process Engine relies on IS infrastructure for security but doesn't directly use Bouncy Castle APIs. Vulnerability Details CVEID:CVE-2025-8885...