35608 matches found
Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow containers January 2026
Summary In addition to updating many operating system level packages, IBM Business Automation Workflow container fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-47912 DESCRIPTION: The Parse function permits values other than IPv6 addresses to be included in squar...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2026.
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF008. Vulnerability Details CVEID:CVE-2019-17543 DESCRIPTION: LZ4 before 1.9.2 has a heap-based buffer overflow in...
Security Bulletin: Due to use of VMware vCenter, IBM Cloud Pak System is affected by header injection and denial-of-service vulnerabilities [CVE-2025-41250,CVE-2025-41241]
Summary Due to use of VMware vCenter, IBM Cloud Pak System is affected by header injection and denial-of-service vulnerabilities CVE-2025-41250,CVE-2025-41241. IBM Cloud Pak System has addressed these vulnerabilities. IBM Cloud Pak System includes the patched vCenter Server 8.0 U3g release as par...
Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System
Summary Vulnerabilities in VMware ESXi affect IBM Cloud Pak System. IBM Cloud Pak System has addressed vulnerabilities. Cloud Pak Sytem has delivered updated workload nodes to VMware ESXi 83U3g. Vulnerability Details CVEID:CVE-2025-41236 DESCRIPTION: VMware ESXi, Workstation, and Fusion contain a...
Security Bulletin: A MongoDB zlib protocol flaw lets unauthenticated clients read uninitialized heap memory in multiple versions prior to patched releases.
Summary Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 versions prior to...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Denial of Service (DoS) due to malformed token parsing in golang.org/x/oauth2 module (CVE-2025-22868)
Summary Potential vulnerabilities in golang.org/x/oauth2 module CVE-2025-22868 have been identified that may affect IBM Cloud Pak for Data Vulnerability Details CVEID:CVE-2025-22868 DESCRIPTION: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during...
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation under specific configuration of cataloged remote storage aliases (CVE-2025-36365)
Summary IBM® Db2® under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key. Vulnerability Details CVEID:CVE-2025-36365 DESCRIPTION: IBM Db2 for Linux...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to service disruption due to memory exhaustion vulnerability in expression parser
Summary Potential vulnerabilities in github.com/Expr-lang/expr module CVE-2025-29786 have been identified that may affect IBM Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-29786 DESCRIPTION: Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if th...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to DoS due to unbounded memory allocation in golang.org/x/crypto SSH implementation (CVE-2025-22869)
Summary Potential vulnerabilities in golang.org/x/crypto module CVE-2025-22869 have been identified that may affect IBM Cloud Pak for Data Vulnerability Details CVEID:CVE-2025-22869 DESCRIPTION: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Regular Expression Denial of Service (ReDoS) due to cross-spawn
Summary cross-spawn is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReD...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Server-Side Request Forgery (SSRF) due to urllib3
Summary urllib3 is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiati...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling vulnerability due to gunicorn
Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-rag-tool Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watsonx Orchestrate Developer...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Path Traversal vulnerability due to github.com/gin-gonic/gin
Summary github.com/gin-gonic/gin is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watson...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.3.0 Vulnerability Details CVEID:CVE-2025-57319 DESCRIPTION: fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore functio...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses glob which is vulnerable to CVE-2025-64756.
Summary IBM Maximo Application Suite - Visual Inspection component uses glob which is vulnerable to CVE-2025-64756, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the she...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang-jwt which is vulnerable to CVE-2025-30204
Summary IBM Maximo Application Suite - Visual Inspection component uses golang-jwt which is vulnerable to CVE-2025-30204, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation o...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031
Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66030 DESCRIPTION: Forge also called...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816
Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses min-document which is vulnerable to CVE-2025-57352
Summary IBM Maximo Application Suite - Visual Inspection component uses min-document which is vulnerable to CVE-2025-57352, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-57352 DESCRIPTION: A vulnerability exists in the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by SMTP injection due to Jakarta Mail and vulnerable to CVE-2025-7962.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by SMTP injection due to Jakarta Mail and vulnerable to CVE-2025-7962. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471.
Summary IBM Maximo Application Suite - Monitor Component uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a...
Security Bulletin: IBM Edge Data Collector uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471.
Summary IBM Edge Data Collector uses urllib3-2.5.0-py3-none-any.whl which is vulnerable to CVE-2025-66418, CVE-2025-66471. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.25.11.tgz which are vulnerable to CVE-2025-68154.
Summary IBM Maximo Application Suite - Monitor Component uses systeminformation-5.25.11.tgz which are vulnerable to CVE-2025-68154. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-68154 DESCRIPTION: systeminformation is a System...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945.
Summary IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature...
Security Bulletin: IBM Edge Data Collector uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945.
Summary IBM Edge Data Collector uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In...
Security Bulletin: IBM Edge Data Collector uses bootstrap-table-1.18.1.min.js, bootstrap-table-1.18.2.min.js, bootstrap-table-export-1.18.2.min.js which are vulnerable to CVE-2022-1726, CVE-2021-23472.
Summary IBM Edge Data Collector uses bootstrap-table-1.18.1.min.js, bootstrap-table-1.18.2.min.js, bootstrap-table-export-1.18.2.min.js which are vulnerable to CVE-2022-1726, CVE-2021-23472. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses lz4-java-1.8.0.jar which is vulnerable to CVE-2025-12183, CVE-2025-66566.
Summary IBM Maximo Application Suite - Monitor Component uses lz4-java-1.8.0.jar which is vulnerable to CVE-2025-12183, CVE-2025-66566. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-66566 DESCRIPTION: yawkat LZ4 Java provides...
Security Bulletin: IBM Edge Data Collector uses django-4.2.26-py3-none-any.whl which are vulnerable to CVE-2025-13372, CVE-2025-64460.
Summary IBM Edge Data Collector uses django-4.2.26-py3-none-any.whl which are vulnerable to CVE-2025-13372, CVE-2025-64460. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-13372 DESCRIPTION: An issue was discovered in 5.2 before...
Security Bulletin: IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861.
Summary IBM Edge Data Collector uses PyJWT-2.10.0-py3-none-any.whl which is vulnerable to CVE-2024-53861. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-53861 DESCRIPTION: pyjwt is a JSON Web Token implementation in Python. An...
Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014x8664.manylinux217x8664.manylinux228x8664.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to CVE-2025-12816, CVE-2025-69223, CVE-2025-69224, CVE-2025, CVE-2025-66030,...
Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.1.3,fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl,lodash.clonedeep-4.5.0.tgz,js-yaml-4.1.0.tgz,mdast-util-towhich is vulnerable to multiple CVEs
Summary IBM Maximo Application Suite uses werkzeug-3.1.3-py3-none-any.whl, fonttools-4.60.0-cp311-cp311-manylinux2014x8664.manylinux217x8664.whl, lodash.clonedeep-4.5.0.tgz, js-yaml-4.1.0.tgz, mdast-util-towhich is vulnerable to CVE-2025-66221, CVE-2025-66034, CVE-2018-16487, CVE-2025-64718,...
Security Bulletin: IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345.
Summary IBM Edge Data Collector uses Python package - setuptools which is vulnerable to CVE-2025-47273, CVE-2024-6345. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users ...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906.
Summary IBM Maximo Application Suite - Monitor Component uses keras-3.10.0-py3-none-any.whl, keras-2.14.0-py3-none-any.whl which are vulnerable to CVE-2025-12058, CVE-2025-12060, CVE-2025-9905, CVE-2025-9906. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when given a specially crafted query (CVE-2025-36387)
Summary IBM® Db2® is vulnerable to a denial of service when given a specially crafted query with QGM objects that contain specific subquery expressions. Vulnerability Details CVEID:CVE-2025-36387 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an...
Security Bulletin: IBM® Db2® is vulnerable to privilege escalation due to the use of an unquoted search path element (CVE-2025-36384)
Summary IBM® Db2® for Windows could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. Vulnerability Details CVEID:CVE-2025-36384 DESCRIPTION: IBM Db2 for Windows could allow a local user with filesystem access to escalate the...
Security Bulletin: IBM® Db2® Federated server is affected by a vulnerability in bcprov-jdk18on and bcpkix-jdk18on (CVE-2025-8916)
Summary IBM® Db2® Federated server is affected by a vulnerability in bcprov-jdk18on and bcpkix-jdk18on. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules,...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2025-36353)
Summary IBM® Db2® is vulnerable to denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36353 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local user to cause a denial of servic...
Security Bulletin: IBM® Db2® Federated server is vulnerable to a denial of service as the server may crash when using a specially crafted statement (CVE-2025-36423)
Summary IBM® Db2® IBM® Db2® Federated server is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36423 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local use...
Security Bulletin: IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar ( CVE-2024-47072)
Summary IBM® Db2® is affected by the vulnerability in xstream-1.4.20.jar. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote attacker to terminate the application with a stack overfl...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to improper allocation of resources (CVE-2025-36098)
Summary IBM® Db2® could allow an authenticated user to cause a denial of service due to improper allocation of resources. Vulnerability Details CVEID:CVE-2025-36098 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service when copying large tables containing XML data (CVE-2025-36123)
Summary IBM® Db2® could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources. Vulnerability Details CVEID:CVE-2025-36123 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow ...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables (CVE-2025-36070)
Summary IBM® Db2® is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables. Vulnerability Details CVEID:CVE-2025-36070 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as a trap may occur...
Security Bulletin: IBM® Db2® is vulnerable to Local Privilege Escalation and get root access to the system (CVE-2025-36184)
Summary IBM® Db2® is vulnerable to Local Privilege Escalation to root due to execution of unnecessary privileges operated at a higher than minimum level. Vulnerability Details CVEID:CVE-2025-36184 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an instance...
Security Bulletin: IBM® Db2® could allow an authenticated user to cause a denial of service using a specially crafted SQL statement that includes XML (CVE-2025-36001)
Summary IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion. Vulnerability Details CVEID:CVE-2025-36001 DESCRIPTION: IBM Db2 for...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic (CVE-2025-36428)
Summary IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled. Vulnerability Details CVEID:CVE-2025-36428 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an...
Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec, netty-codec-http and netty-codec-http2 (CVE-2025-58056, CVE-2025-58057, CVE-2025-55163)
Summary IBM® Db2® is affected by a vulnerability in netty-codec, netty-codec-http and netty-codec-http2. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2025-36442)
Summary IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. Vulnerability Details CVEID:CVE-2025-36442 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denia...
Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could cause denial of service or confidentiality impacts. CVE-2025-38471 CVE-2025-38718 CVE-2025-39682 CVE-2025-38550. Vulnerability Details CVEID:CVE-2025-38550 DESCRIPTION: In the Linux kernel, the following...
Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in the Linux kernel affects IBM Storage Virtualize products and could cause a denial of service. CVE-2025-38718. Vulnerability Details CVEID:CVE-2025-38718 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets i...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses js-yaml-4.1.0 in map-application which is vulnerable to CVE-2025-64718
Summary IBM Maximo Application Suite - Manage Component uses js-yaml-4.1.0 in map-application which is vulnerable to CVE-2025-64718. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML...