Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/02/23 9:12 p.m.31 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary IBM Security Guardium has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2024-37370 DESCRIPTION: MIT Kerberos 5 aka krb5 could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request...

7.8CVSS8.4AI score0.66594EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/23 7:6 p.m.12 views

Security Bulletin: IBM Terracotta is affected by two Undertow vulnerabilities that could allow remote denial of service attacks and Host header manipulation leading to cache poisoning or session hijacking

Summary IBM Terracotta uses Undertow as the web server for hosting the Terracotta Management Service TMS. Vulnerability Details CVEID:CVE-2024-3884 DESCRIPTION: A flaw was found in Undertow that can cause remote denial of service attacks. When the server uses the...

9.6CVSS5.7AI score0.01256EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/23 4:49 p.m.27 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-2.13.1-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-2.13.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-9906 DESCRIPTION: The Keras Model.loadmodel method can be exploited to achieve arbitrary code execution, even with safemode=True. One can create a specially craft...

8.6CVSS5.8AI score0.00186EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/23 12:30 p.m.8 views

Security Bulletin: IBM Db2 used by IBM Security Verify Governance has multiple vulnerabilities

Summary IBM Security Verify Governance ISVG, now re-branded as IBM Verify Identity Governance IVIG, uses IBM Db2 database. Information about security vulnerabilities affecting IBM Db2 has been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

8.8CVSS5.4AI score0.00566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/23 9:28 a.m.22 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime (CVE-2026-21945,CVE-2026-21932,CVE-2026-21933, CVE-2026-21925 & CVE-2026-1188))

Summary IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause...

9.8CVSS6.2AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/23 9:25 a.m.25 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for January 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF006. These vulnerabilities have been also adressed in 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details CVEID:CVE-2018-5711 DESCRIPTION: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP...

8.6CVSS8.6AI score0.13204EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/20 11:0 p.m.13 views

Security Bulletin: IBM Aspera faspio Gateway 1.3.7 has addressed a vulnerability affected by weak cryptographic algorithms

Summary Aspera faspio Gateway uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information Vulnerability Details CVEID:CVE-2025-14480 DESCRIPTION: Aspera faspio Gateway uses weaker than expected cryptographic algorithms that could allow an...

7.5CVSS5.4AI score0.00167EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/20 4:54 p.m.14 views

Security Bulletin: IBM Db2 Mirror for i is vulnerable to cross-site scripting and cross-site request forgery due to Angular [CVE-2025-66412, CVE-2026-22610, CVE-2025-66035]

Summary The IBM Db2 Mirror for i GUI uses the Angular web framework. The version of Angular used by IBM Db2 Mirror for i is vulnerable to cross-site scripting and cross-site request forgery as described in the vulnerability details section. IBM has addressed the vulnerabilities for IBM Db2 Mirror...

8.5CVSS5.2AI score0.00572EPSS
Exploits2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/20 4:42 p.m.10 views

Security Bulletin: IBM i is affected by Cross-Site Request Forgery and Cross-Site Scripting in Digital Certificate Manager and Navigator for i [CVE-2025-66035, CVE-2025-66412, CVE-2026-22610]

Summary IBM i Digital Certificate Manager DCM and Navigator for i are vulnerable to Cross-Site Request Forgery XSRF token leakage via protocol-relative URLs in angular HTTP clients CVE-2025-66035 and Cross-Site Scripting XSS via the compiler's internal security schema being incomplete...

8.5CVSS5.3AI score0.01535EPSS
Exploits2Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/20 3:54 p.m.7 views

Security Bulletin: Vulnerability in Apache Commons IO (CVE-2024-47554) affects IBM WebSphere Service Registry and Repository.

Summary An Uncontrolled Resource Consumption vulnerability in Apache Commons IO CVE-2024-47554 affects IBM WebSphere Service Registry and Repository. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...

4.3CVSS5.5AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/20 9:11 a.m.11 views

Security Bulletin: A security vulnerability have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase [CVE-2025-13333]

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

4.9CVSS5.7AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/19 5:6 p.m.12 views

Security Bulletin: IBM Watson Machine Learning Accelerator for IBM Cloud Pak for Data is affected by multiple vulnerabilities.

Summary Multiple vulnerabilities were addressed in IBM Watson Machine Learning Accelerator for IBM Cloud Pak for Data. Follow the instructions in this document to address them. Vulnerability Details CVEID:CVE-2021-38291 DESCRIPTION: FFmpeg version git commit de8e6e67e7523e48bb27ac224a0b446df05e16...

9.8CVSS6.6AI score0.02772EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/19 3:33 p.m.8 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server

Summary IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletins Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

8.2CVSS5.5AI score0.00296EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/19 3:31 p.m.8 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Remote Server, could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

4.9CVSS5.4AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 10:46 p.m.13 views

Security Bulletin: IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability (CVE-2026-1567)

Summary An XML external entity injection XXE vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-1567 DESCRIPTION: An XML External Entity XXE vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive informati...

7.5CVSS5.6AI score0.00311EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 10:25 p.m.9 views

Security Bulletin: IBM Database Operator for FoundationDB is affected by zlib vulnerability (CVE-2018-25032)

Summary Foundation DB will ship an updated zlib to address this CVE. Though zlib is used for internal communication and vulnerability dislcoed here does not impact Foundation DB. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory...

7.5CVSS8.6AI score0.51733EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 10:9 p.m.9 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details Refer to the security bulletins listed in the...

4.9CVSS5.5AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 10:7 p.m.10 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details Refer to the security bulletins listed in the...

4.9CVSS5.6AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 10:5 p.m.8 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-13333)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a vulnerability that could provide weaker than expected security when enabling AES-256 password encryption. Vulnerability Details Refer to the security bulletins listed in the...

4.9CVSS5.5AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 8:28 p.m.6 views

Security Bulletin: IBM Enterprise Application Service for Java is affected by a cross-site scripting vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-12635)

Summary IBM Enterprise Application Service for Java is affected by a vulnerability in IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12...

5.4CVSS5.2AI score0.00139EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 4:5 p.m.14 views

Security Bulletin: IBM Sterling Transformation Extender is affected by multiple IBM Java 8 vulnerabilities

Summary IBM Sterling Transformation Extender uses IBM SDK, Java Technology Edition, Version 8 and is affected by multiple vulnerabilities CVE-2026-21945, CVE-2026-21932, CVE-2026-21933 and CVE-2026-21925. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of...

7.5CVSS5.7AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 3:20 p.m.9 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to insufficient validation in data query logic (CVE-2025-36427)

Summary IBM® Db2® is vulnerable to a denial of service due to insufficient validation in data query logic Vulnerability Details CVEID:CVE-2025-36427 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user to cause a denial of service due to insufficient...

6.5CVSS5.5AI score0.00328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 3:4 p.m.12 views

Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to ISC BIND (CVE-2025-40778, CVE-2025-40780, CVE-2025-8677)

Summary Vulnerabilities in ISC BIND could allow an attacker to inject forged data into the cache CVE-2025-40778, predict the source port and query ID that BIND will use CVE-2025-40780, or cause CPU exhaustion CVE-2025-8677. AIX uses ISC BIND as as part of its DNS functions. Vulnerability Details...

8.6CVSS5.6AI score0.1096EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 3:2 p.m.11 views

Security Bulletin: IBM® Db2® Federated server is vulnerable to a denial of service with a specially crafted query (CVE-2025-36424)

Summary IBM® Db2® Federated server could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36424 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a us...

6.5CVSS5.5AI score0.00328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 2:0 p.m.9 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-13333)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

4.9CVSS5.5AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 1:59 p.m.8 views

Security Bulletin: A vulnerability has been identified in IBM HTTP Server, which is used by IBM WebSphere Application Server and, in turn, by IBM Rational ClearQuest.

Summary IBM HTTP Server is utilized by IBM WebSphere Application Server, which in turn is used by the IBM Rational ClearQuest server. Details regarding security vulnerabilities impacting IBM HTTP Server have been released in an official security bulletin. Vulnerability Details Refer to the securi...

5.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 1:58 p.m.8 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-36099)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

4.9CVSS5.5AI score0.00299EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 1:56 p.m.9 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-33142)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS5.5AI score0.00252EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 1:55 p.m.8 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-7962)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS5.5AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 1:55 p.m.8 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-12635)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

5.4CVSS5.2AI score0.00139EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 1:54 p.m.9 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2025-48976)

Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

7.5CVSS8.2AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 11:30 a.m.24 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow traditional - CVE-2025-46392

Summary IBM Business Automation Workflow embedded Navigator packages a vulnerable version of Apache commons-configuration. Vulnerability Details CVEID:CVE-2025-46392 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in...

6.5CVSS6.3AI score0.01663EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 10:58 a.m.8 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...

4.9CVSS5.5AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/18 5:17 a.m.7 views

Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector

Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 7.1.0 Vulnerability Details CVEID:CVE-2025-12194 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion...

9CVSS6.5AI score0.0262EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 10:9 p.m.10 views

Security Bulletin: IBM i is affected by denial of service vulnerabilities in Db2 JSON Store Technology Preview [CVE-2025-66453]

Summary Db2 for IBM i JSON Store Technology Preview is vulnerable to a denial of service when using the toFixed function CVE-2025-66453 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript...

7.5CVSS5.6AI score0.00235EPSS
Exploits0Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 4:4 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925 and CVE-2026-1188 Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is...

9.8CVSS6.2AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 2:17 p.m.11 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to...

8.8CVSS6.1AI score0.01495EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 1:36 p.m.9 views

Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.

Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-470...

8.4CVSS7.5AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 12:10 p.m.9 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All...

7.5CVSS5.7AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 12:4 p.m.12 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang:...

7.5CVSS6.5AI score0.03092EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 8:47 a.m.15 views

Security Bulletin: IBM Event Streams is vulnerable to a denial of service

Summary IBM Event Streams is vulnerable to a denial of service due to improper buffer release in quarkus-resteasy. CVE-2025-1634 Vulnerability Details CVEID:CVE-2025-1634 DESCRIPTION: A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low...

7.5CVSS5.8AI score0.00759EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 8:45 a.m.11 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server traditional which could provide weaker than expected security.

Summary The security issue described in CVE-2025-13333 has been identified in the WebSphere Application Server traditional included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixe...

4.9CVSS5.4AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 8:44 a.m.10 views

Security Bulletin: IBM Event Streams is vulnerable to an OutOfMemoryError (CVE-2025-1948)

Summary IBM Event Streams is vulnerable to an OutOfMemoryError due to uncontrolled memory allocation in Jetty HTTP/2. Vulnerability Details CVEID:CVE-2025-1948 DESCRIPTION: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 setting...

7.5CVSS7.4AI score0.00625EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 8:41 a.m.8 views

Security Bulletin: IBM Event Endpoint Management is vulnerable to information disclosure (CVE-2025-68429)

Summary IBM Event Endpoint Management may be vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2025-68429 DESCRIPTION: Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior t...

7.3CVSS5.6AI score0.00235EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 8:0 a.m.11 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.(CVE-2025-36407)

Summary IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36407 DESCRIPTION: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...

6.5CVSS5.5AI score0.00275EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 7:45 a.m.31 views

Security Bulletin: IBM® Db2® is vulnerable to a denial of service when using certain functions in a query (CVE-2025-36366)

Summary IBM® Db2® could allow a user to cause a denial of service by executing a query that invokes the JSONObject scalar function, which may trigger an unhandled exception leading to abnormal server termination. Vulnerability Details CVEID:CVE-2025-36366 DESCRIPTION: IBM Db2 for Linux, UNIX and...

6.5CVSS5.5AI score0.00355EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 7:33 a.m.14 views

Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Critical XXE in Apache Tika (CVE-2025-54988)

Summary IBM OpenPages for Cloud Pak for Data is Vulnerable to Apache Tika 1.13 through and including 3.2.1 on all platforms . These vulnerabilities were remediated. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 throu...

9.8CVSS5.5AI score0.02962EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 4:45 a.m.6 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2025-13333)

Summary IBM WebSphere Application Server is used by IBM Tivoli System Automation Application Manager and could provide weaker than expected security. Required fixes for affected WebSphere Application Server has been published in the security bulletin links below. Vulnerability Details Refer to th...

4.9CVSS5.3AI score0.0031EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 4:39 a.m.14 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to kafka-clients

Summary IBM webMethods BPM uses kafka-clients.jar which is pulled in automatically as a dependency of webmethods event streaming library, Kafka-clients.jar provides Apache Kafka client APIs for producing and consuming messages. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: A security...

8.8CVSS7.6AI score0.95302EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/17 4:38 a.m.8 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to bc-fips

Summary IBM webMethods BPM uses bc-fips which is pulled in by webMethods Integration Server core for FIPS-compliant cryptographic operations. The BPM Process Engine relies on IS infrastructure for security but doesn't directly use Bouncy Castle APIs. Vulnerability Details CVEID:CVE-2025-8885...

6.3CVSS5.5AI score0.00505EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608