35608 matches found
Security Bulletin: Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
Summary Fixes to common vulnerabilities discovered in IBM Db2 Merge Backup for Linux, UNIX and Windows v12.1 are available to download from IBM. Vulnerability Details CVEID:CVE-2025-33130 DESCRIPTION: IBM Db2 Merge Backup for Linux, UNIX and Windows could allow an authenticated user to cause the...
Security Bulletin: IBM Financial Transaction Manager for ACH Services and Check Services is impacted by multiple vulnerabilities
Summary IBM Financial Transaction Manager for ACH Services and Check Services has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data...
Security Bulletin: IBM Financial Transaction Manager is impacted by multiple vulnerabilities in RedHat Proxy for Kubernetes RBAC authorization
Summary IBM Financial Transaction Manager for RedHat OpenShift has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-65637 DESCRIPTION: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger th...
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service when manipulating or using queries with federated objects (CVE-2025-14689)
Summary IBM® Db2® federated server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects. Vulnerability Details CVEID:CVE-2025-14689 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability (CVE-2025-14914)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a remote code execution vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure under specific HADR configuration (CVE-2025-36425)
Summary IBM® Db2® could allow an authenticated user to obtain sensitive information under specific HADR configuration. Vulnerability Details CVEID:CVE-2025-36425 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to obtain sensitive...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a remote code execution vulnerability (CVE-2025-14914)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a remote code execution vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM® Db2® is vulnerable to external entities parsing in XML (CVE-2025-36247)
Summary IBM® Db2® is vulnerable to an XML external entity injection XXE attack when processing XML data. Vulnerability Details CVEID:CVE-2025-36247 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to an XML external entity injection XXE attack when...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations (CVE-2025-2668)
Summary IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query that uses ALTER TABLE operations. Vulnerability Details CVEID:CVE-2025-2668 DESCRIPTION: IBM Db2 for...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a remote code execution vulnerability (CVE-2025-14914)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a remote code execution vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-61725 DESCRIPTION: The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large...
Security Bulletin: A vulnerability in IBM Semeru Runtime affects z/Transaction Processing Facility
Summary There is a vulnerability in IBM® Semeru Runtime Certified Edition 11 and IBM® Semeru Runtime Certified Edition 21 that are used by the z/TPF system. z/TPF has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE...
Security Bulletin: A security vulnerability has been identified in IBM StreamSets Data Collector
Summary A security vulnerability CVE-2025-41242 has been addressed in IBM StreamSets Data Collector version 7.1.0 Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servle...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Cloudkit are now addressed in 5.2.3.6 and 6.0.0.1 (CVE-2025-47914, CVE-2025-58181, CVE-2025-47913)
Summary The following security vulnerabilities impacting deployments utilizing IBM Storage Scale CloudKit have been addressed in 5.2.3.6 and later, and 6.0.0.1 and later. These issues could have resulted in reduced security assurances under certain configurations. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.0.1 Vulnerability Details CVEID:CVE-2023-39804 DESCRIPTION: In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. CVSS Source: IBM X-Force CVSS Base...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment (CVE-2025-13689)
Summary Runtime environment is used by DataStage on Cloud Pak for Data as part of upload file processing. Vulnerability Details CVEID:CVE-2025-13689 DESCRIPTION: DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive informatio...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to sensitive information leaks due to HTTP processing (CVE-2025-13691)
Summary HTTP processing is used by DataStage on Cloud Pak for Data as part of the overall request processing. Vulnerability Details CVEID:CVE-2025-13691 DESCRIPTION: IBM DataStage on Cloud Pak for Data returns sensitive information in an HTTP response that could be used to impersonate other users...
Security Bulletin: qs parse module DoS vulnerability: arrayLimit bypass via bracket notation allows memory exhaustion (qs < 6.14.1)
Summary An input validation flaw in qs 6.14.1 allows attackers to bypass arrayLimit using bracket notation a=x, leading to unauthenticated HTTP denial-of-service via memory exhaustion. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse...
Security Bulletin: Vulnerability in IBM WebSphere Application (CVE-2025-7962) affects IBM PowerVM Novalink.
Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273
Summary IBM Maximo Application Suite - Visual Inspection component was using python,nginx and packages which were vulnerable to CVE-2025-4435, CVE-2025-23419, CVE-2025-4330, CVE-2025-4138, CVE-2025-47273. This bulletin contains information regarding the vulnerability and its remediation...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses urllib3 which is vulnerable to CVE-2025-66418 and CVE-2025-66471
Summary IBM Maximo Application Suite - Visual Inspection component uses urllib3 which is vulnerable to CVE-2025-66418 and CVE-2025-66471. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a...
Security Bulletin: AIX/VIOS is vulnerable to denial of service and possible code execution due to Perl (WS-2025-0004)
Summary Vulnerability in Perl could allow an attacker to cause a denial of service or possibly execute code WS-2025-0004. AIX uses Perl in various operating system components. Vulnerability Details ID:WS-2025-0004 DESCRIPTION: Fix a class of false positives where input should have been rejected...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Denial of Service due to IBM Liberty Server (CVE-2025-36000)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the denial-of-service security vulnerability Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. Th...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in jws-3.2.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in jws-3.2.2.tgz Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in logback-core-1.3.15.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in logback-core-1.3.15.jar Vulnerability Details CVEID:CVE-2025-11226 DESCRIPTION: ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.4-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in werkzeug-3.1.4-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-21860 DESCRIPTION: Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin function allows path segments with...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in commons-lang-2.6.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in commons-lang-2.6.jar Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6,...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700
Summary IBM Virtualization Engine TS7700 is susceptible to information Disclosure CVE-2025-53066 and one Tampering CVE-2025-53057 unauthorized data access due to the use of IBM® SDK Java™ Technology Edition, Version 8 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Denial of Service.
Summary IBM Virtualization Engine TS7700 is susceptible to denial-of-service condition due to the use of Python CVE-2025-6069. TS7700 uses Python to perform operations with the Cloud and internal system configuration tasks. Vulnerability Details CVEID:CVE-2025-6069 DESCRIPTION: The...
Security Bulletin: The Dashboard of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure (CVE-2025-36348)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability Vulnerability Details CVEID:CVE-2025-36348 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway could allow a remote privileged attacker to obtain sensitive...
Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities
Summary IBM Enterprise Build of Quarkus is affected by Netty CRLF injection vulnerability, SCRAM authentication vulnerability, Hibernate Reactive database connection leak vulnerability and Quarkus REST worker thread exhaustion vulnerability. Vulnerability Details CVEID:CVE-2025-14969 DESCRIPTION:...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.20 LTS and 12.20.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality (CVE-2025-61727) and denial of service (CVE-2025-61729)
Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to Goland module crypto/x509. This bulletin provides patch information to address the reported vulnerabilities in Goland module crypto/x509...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to remote code execution (CVE-2026-21226)
Summary Python module azure-core is present in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to remote code executiuon. This bulletin provides patch information to address the...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service (CVE-2025-12758, CVE-2025-13466, CVE-2025-14874) and loss of confidentiality (CVE-2025-65945)
Summary IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported vulnerabilities in Node.js modules validator CVE-2025-12758, body-parser CVE-2025-13466, nodemailer...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality (CVE-2026-22817, CVE-2026-22818)
Summary IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality due to Node.js module hono. This bulletin provides patch information to address the reported vulnerability in Node.js module hono CVE-2026-22817,...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality [CVE-2025-13491]
Summary IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality. This is due to insfficient write protection to files inside the mapping assistance image. This bulletin provides patch information to address th...
Security Bulletin: Due to the use of jackson-core, IBM webMethods BPM and IBM webMethods Integration are vulnerable to multiple vulnerabilities
Summary IBM webMethods BPM and IBM webMethods Integration are dependant on jackson-databind which is affected by a known vulnerabilities WS-2022-0468, CVE-2022-42004, CVE-2022-42003, CVE-2023-35116. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2026-21925, CVE-2026-21945)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: A security vulnerability have been identified in IBM WebSphere Application Server shipped with IBM DevOps Code ClearCase (CVE-2025-30754)
Summary IBM WebSphere Application Server WAS is shipped as a component of IBM DevOps Code ClearCase. Information about security vulnerabilities affecting WAS have been published in security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Reliability Strategies was using vulnerable library
Summary Reliability Strategies was using vulnerable library qs-6.13.0 which are vulnerable to CVE-2025-15284 Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs parse modules allows HTTP DoS.This issue affects qs: 6.14.1. SummaryThe arrayLimit...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability intomcat-embed-core-10.1.42.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability intomcat-embed-core-10.1.42.jar Vulnerability Details CVEID:CVE-2025-55752 DESCRIPTION: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in brace-expansion-1.1.11.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in brace-expansion-1.1.11.tgz Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue ...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.1.1-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.1.1-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-62707 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in Java SE related to the JAXP component
Summary IBM Watson Discovery Cartridge affected by vulnerability in Java SE related to the JAXP component Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impac...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-12060 DESCRIPTION: The keras.utils.getfile API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty
Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in on-headers-1.0.2.tgz
Summary Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in on-headers-1.0.2.tgz Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in keras-3.11.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-12058 DESCRIPTION: The Keras.Model.loadmodel method, including when executed with the intended security mitigation safemode=True, is vulnerable to arbitrary local...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.11.0.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.11.0.tgz Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on...