Security Bulletin: gRPC HTTP/2 HPACK Desynchronization Vulnerability Allowing Header Leakage and Privilege Escalation, affects watsonx.data
Summary When gRPC encountered an exceeded header size error, it stopped parsing the remainder of the HPACK frame. This also prevented HPACK dynamic table updates from being processed, causing the sender and receiver HPACK tables to fall out of sync. In environments using an HTTP/2 proxy in front ...
Security Bulletin: Jetty HTTP/2 Unvalidated SETTINGS_MAX_HEADER_LIST_SIZE Leads to Out-of-Memory DoS , affects watsonx.data
Summary In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-5197.
Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-5197. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-5197 DESCRIPTION: A Regular Expression Deni...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6921.
Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6921. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-6921 DESCRIPTION: The huggingface/transformers library,...
Security Bulletin: IBM Edge Data Collector uses curve25519-dalek-3.2.0.crate which is vulnerable to CVE-2024-58262.
Summary IBM Edge Data Collector uses curve25519-dalek-3.2.0.crate which is vulnerable to CVE-2024-58262. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-58262 DESCRIPTION: The curve25519-dalek crate before 4.1.3 for Rust has a constant-time...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2025) affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2025. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...
Security Bulletin: Denial of Service Vulnerability in jackson-core affects IBM Cloud Pak System [WS-2022-0468]
Summary Denial of Service Vulnerability in jackson-core was addressed in IBM Cloud Pak System version 2.3.6.0. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The methods in the classes listed below fail to restrict inpu...
Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Netcool Configuration Manager (ITNCM) is affected by SMTP injection due to Jakarta Mail (CVE-2025-7962).
Summary WebSphere Application Server, used by IBM Tivoli Netcool Configuration Manager (ITNCM), is affected by SMTP injection due to Jakarta Mail. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions Affected Products| Versions...
Security Bulletin: Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885).
Summary Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885). The FIPS 140-2 Bouncy Castle Crypto package has been updated in order to address the vulnerability. Vulnerability...
Security Bulletin: Multiple vulnerabilities in IBM Disconnected Log Collector
Summary Multiple vulnerabilities were addressed in IBM Disconnected Log Collector version 2.0.0. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...
Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility
Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate...
Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third-party and open source components used in the product for various functions. See the full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-46653...
Security Bulletin: WebSphere Application Server Liberty could provide weaker than expected security due to crypto.js
Summary WebSphere Application Server Liberty could provide weaker than expected security due to crypto.js (CVE-2020-36732). Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)
Summary There is a vulnerability in the Jakarta Mail library which affects IBM WebSphere Application Server traditional JavaMail and affects WebSphere Application Server Liberty with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details CVEID:CVE-2025-7962...
Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway
Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attacke...
Security Bulletin: Multiple vulnerabilities in IBM QRadar Use Case Manager app
Summary Multiple vulnerabilities were addressed in IBM QRadar Use Case Manager app version 4.1.0. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236)
Summary Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands (CVE-2025-36251, CVE-2025-36250), obtain Network Installation Manager (NIM) private keys (CVE-2025-36096), or traverse directories (CVE-2025-36236). These vulnerabilities are addressed through the fixes referenced ...
Security Bulletin: Elasticsearch node crash triggered by crafted pipeline using PatternBank recursion, affects watsonx.data
Summary A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have the read_pipeline Elasticsearch cluster privilege assigne...
Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.7.0. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.7.0. Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to 3.24.0, there is a potential data...
Security Bulletin: Vulnerability in IBM Java may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management
Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Space Management and IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by DDL component that could allow a remote attacker to cause high confidentiality...
Security Bulletin: Due to use of Business Automation Workflow, Cloud Pak System is affected by out-of-bounds write vulnerability [CVE-2022-42920]
Summary IBM Business Automation Workflow is shipped as IBM Business Automation Workflow Pattern Type (pType) of IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service with HTTP/2 and vulnerable to CVE-2025-36047.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service with HTTP/2 and vulnerable to CVE-2025-36047. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service which is vulnerable to CVE-2025-36000.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service which is vulnerable to CVE-2025-36000. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-36000...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a security bypass in JMS messaging which is vulnerable to CVE-2025-36124.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a security bypass in JMS messaging which is vulnerable to CVE-2025-36124. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability (CVE-2025-61795).
Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability (CVE-2025-61795). Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2025-61795 DESCRIPTION: Improper...
Security Bulletin: Fixes to common vulnerabilities found in IBM Db2 High Performance Unload
Summary Fixes to common vulnerabilities discovered in IBM Db2 High Performance Unload v12.1 are available to download from IBM. Vulnerability Details CVEID:CVE-2025-33126 DESCRIPTION: IBM Db2 High Performance Unload could allow an authenticated user to cause the program to crash due to the...
Security Bulletin: Vulnerability in NX-OS Firmware and DCNM Software used by IBM c-type SAN directors and switches.
Summary Publicly disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code and NDFC code levels listed below. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing...
Security Bulletin: Multiple vulnerabilities in IBM Cognos Controller
Summary Multiple vulnerabilities were addressed in IBM Cognos Controller 11.0.1 FP7. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions th...
Security Bulletin: IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-57822.
Summary IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-57822. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-57822 DESCRIPTION: Next.js is a React framework for building full-stack web applications...
Security Bulletin: IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-55173, CVE-2025-57752.
Summary IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-55173, CVE-2025-57752. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-55173 DESCRIPTION: Next.js is a React framework for building full-stack...
Security Bulletin: IBM Edge Data Collector uses axios-1.11.0.tgz which is vulnerable to CVE-2025-58754.
Summary IBM Edge Data Collector uses axios-1.11.0.tgz which is vulnerable to CVE-2025-58754. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Wh...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses csvtojson-2.0.10.tgz which is vulnerable to CVE-2025-57350.
Summary IBM Maximo Application Suite - Monitor Component uses csvtojson-2.0.10.tgz which is vulnerable to CVE-2025-57350. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-57350 DESCRIPTION: The csvtojson package, a tool for...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343.
Summary IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to Apache Lucene
Summary IBM webMethods BPM uses Apache Lucene in designer-process-feature and metadata-core-feature for text processing and filtering purposes. Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression...
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent
Summary Vulnerabilities in IBM SDK Java Technology Edition that is shipped as part of agent framework in ITCAM for Applications WebSphere MQ Monitoring Agent. CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP compone...
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-48795 CVE-2025-48913)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.2.Final.jar which is vulnerable to CVE-2025-55163.
Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.2.Final.jar which is vulnerable to CVE-2025-55163. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous,...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses requests-2.32.2-py3-none-any.whl, requests-2.32.3-py3-none-any.whl which are vulnerable to CVE-2024-47081.
Summary IBM Maximo Application Suite - Monitor Component uses requests-2.32.2-py3-none-any.whl, requests-2.32.3-py3-none-any.whl which are vulnerable to CVE-2024-47081. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933.
Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-3933 DESCRIPTION: A Regular Expression Deni...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service in glassfish jsonp and vulnerable to CVE-2025-36097
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service in glassfish jsonp and vulnerable to CVE-2025-36097. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795.
Summary IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.2.2-py3-none-any.whl, urllib3-2.2.3-py3-none-any.whl, urllib3-2.4.0-py3-none-any.whl which is vulnerable to CVE-2025-50182, CVE-2025-50181.
Summary IBM Maximo Application Suite - Monitor Component uses urllib3-2.2.2-py3-none-any.whl, urllib3-2.2.3-py3-none-any.whl, urllib3-2.4.0-py3-none-any.whl which is vulnerable to CVE-2025-50182, CVE-2025-50181. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses commons-lang3-3.17.0.jar which is vulnerable to CVE-2025-48924.
Summary IBM Maximo Application Suite - Monitor Component uses commons-lang3-3.17.0.jar which is vulnerable to CVE-2025-48924. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerabilit...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK ( CVE-2025-53066 & CVE-2025-53057 )
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Access Control and Exposure of Sensitive Information to an Unauthorized Actor due to IBM Java SDK. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related...
Security Bulletin: Due to the use of IBM SDK, IBM Sterling Partner Engagement Manager is vulnerable to a Remote Code Execution.
Summary IBM Sterling Partner Engagement Manager uses IBM SDK within the product. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that...
Security Bulletin: Due to use of quartz-jobs, IBM Sterling Partner Engagement Manager is vulnerable to a code injection.
Summary IBM Sterling Partner Engagement Manager uses quartz-jobs within the product (CVE-2025-4447). Vulnerability Details CVEID:CVE-2023-39017 DESCRIPTION: quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component...
Security Bulletin: IBM Jazz Reporting Service is affected by improper access control due to Apache Commons
Summary Apache Commons is used internally by IBM Jazz Reporting Service (CVE-2025-48734). Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers...