Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 2:37 p.m.10 views

Security Bulletin: Location Service for ESRI Component uses urllib3-2.5.0 and werkzeug-3.1.3 library which were vulnerable to CVE-2025-66418, CVE-2025-66471 and CVE-2025-66221 respectively

Summary Location Service for ESRI Component uses urllib3-2.5.0 and werkzeug-3.1.3 library which were vulnerable to CVE-2025-66418, CVE-2025-66471 and CVE-2025-66221 respectively. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python...

8.9CVSS6AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 1:44 p.m.14 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.311 Vulnerability Details CVEID:CVE-2025-4878 DESCRIPTION: A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekeyfromfile function...

8.6CVSS7AI score0.02394EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 7:37 a.m.17 views

Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-58056...

7.5CVSS6.4AI score0.02164EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 6:59 a.m.10 views

Security Bulletin: Multiple Vulnerabilities affects IBM Data Studio Client 4.2.0

Summary Security Fix of multiple Vulnerabilities of IBM Data Studio Client 4.2.0 Vulnerability Details CVEID:CVE-2021-2163 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high...

7.8CVSS7.2AI score0.05219EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 5:54 a.m.10 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager affected by multiple vulnerabilities due to IBM Java and its runtime

Summary IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of IBM Java and runtimes CVE-2025-53066, CVE-2025-53057 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could all...

7.5CVSS5.9AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 5:11 a.m.6 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to access control violation

Summary Access control violation vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-15395 DESCRIPTION: Jazz Foundation is vulnerable to access control violations that allows the users to view or access/perform actions...

5.4CVSS5.8AI score0.00176EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 5:8 a.m.7 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache POI

Summary A vulnerabilitiy has been identified in Apache POI, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files...

5.3CVSS5.7AI score0.01237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/28 3:42 p.m.21 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM. Vulnerability Details CVEID:CVE-2025-11083 DESCRIPTION: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component...

7.8CVSS5.7AI score0.01301EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/28 3:35 p.m.18 views

Security Bulletin: User Entity Behavior Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. User Entity Behavior Analytics App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-12758 DESCRIPTION: Versions of t...

8.7CVSS6.2AI score0.03307EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/28 11:8 a.m.8 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote...

7.5CVSS5.9AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/28 6:48 a.m.33 views

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2019 - Includes Oracle Oct 2019 CPU minus CVE-2019-2949

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10-FP55 and Version 8 SR6-FP0 used by IBM Tivoli Application Dependency Discovery Manager TADDM. These issues were disclosed as part of the IBM Java SDK updates in Oct2019. Vulnerability Details...

6.8CVSS6.6AI score0.03749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/28 6:46 a.m.88 views

Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities

Summary There are multiple vulnerabilities in IBM® WebSphere Liberty ,Version 8.5.5.8 used by IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack...

7.8CVSS7.3AI score0.87806EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/28 3:42 a.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect Rational Business Developer

Summary There are vulnerabilities in IBM Semeru Runtime used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Semeru Runtime Quarterly CPU - Oct 2025. Vulnerability Details CVEID:CVE-2025-53057...

7.5CVSS5.9AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/28 3:39 a.m.8 views

Security Bulletin: Vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer

Summary There are vulnerabilities in IBM® SDK Java™ used by Rational Business Developer. Rational Business Developer has provided fixes for the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in the Oracle October 2025 Critical Patch Update...

7.5CVSS5.9AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 3:7 p.m.11 views

Security Bulletin: A vulnerability in the Axios library affects Db2 Big SQL

Summary A vulnerability in the Axios library affects Db2 Big SQL 7.8 and earlier on Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a...

9.8CVSS5.9AI score0.00356EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 2:25 p.m.11 views

Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Data management console

Summary IBM Db2 Data management console has several dependent packages with vulnerabilities. This bulletin describes the upgrades necessary to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This iss...

9.8CVSS5.3AI score0.9378EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 9:3 a.m.14 views

Security Bulletin: IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika (CVE-2025-54988)

Summary IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika CVE-2025-54988. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika...

9.8CVSS5.8AI score0.02962EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 7:5 a.m.8 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Eclipse Jetty

Summary Vulnerabilities have been identified in Eclipse Jetty, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can rea...

7.8CVSS7.5AI score0.53861EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 7:0 a.m.10 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Nimbus JOSE+JWT

Summary Vulnerabilities have been identified in Nimbus JOSE+JWT, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to...

5.8CVSS5.9AI score0.00806EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 6:59 a.m.7 views

Security Bulletin: IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting

Summary Cross-site scripting vulnerability has been identified in IBM Engineering Lifecycle Management - Global Configuration Management. Vulnerability Details CVEID:CVE-2025-36033 DESCRIPTION: IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an...

5.4CVSS5.5AI score0.00136EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 6:55 a.m.8 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache PDFBox

Summary Vulnerabilities have been identified in Apache PDFBox, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2021-27807 DESCRIPTION: A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apac...

5.5CVSS5.9AI score0.02979EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 6:51 a.m.9 views

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in FasterXML jackson-databind

Summary Vulnerabilities have been identified in FasterXML jackson-databind, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion ca...

7.5CVSS7.3AI score0.17611EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 3:36 a.m.15 views

Security Bulletin: IBM App Connect for Healthcare is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core (CVE-2025-68161)

Summary IBM App Connect for Healthcare is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Log4j Core. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname...

6.3CVSS5.8AI score0.00743EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 10:59 p.m.7 views

Security Bulletin: This Power System update is being released to address CVE-2025-52497

Summary When Linux Secure Boot is enabled, a malformed public key certificate in the grubdb or grubdbx can cause a DoS blocking Linux partition boot or make a limited amount of partition memory available. Vulnerability Details CVEID:CVE-2025-52497 DESCRIPTION: Mbed TLS before 3.6.4 has a PEM...

4.8CVSS6AI score0.00277EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 10:58 p.m.9 views

Security Bulletin: This Power System update is being released to address CVE-2025-49087

Summary Mbed-TLS is used by partition firmware for Linux secure boot. This update is being released to mitigate any potential impacts to Linux partitions with secure boot enabled. Vulnerability Details CVEID:CVE-2025-49087 DESCRIPTION: In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing...

4CVSS5.9AI score0.00395EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 10:58 p.m.10 views

Security Bulletin: This Power System update is being released to address CVE-2025-36238

Summary If an attacker is able to gain system administrator access a Virtual TPM can be compromised through the use of a series of PowerVM service procedures. Vulnerability Details CVEID:CVE-2025-36238 DESCRIPTION: IBM PowerVM Hypervisor could allow a local user with administration privileges to...

6CVSS5.9AI score0.00155EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 10:58 p.m.6 views

Security Bulletin: This Power System update is being released to address CVE-2025-36194

Summary The PowerVM hypervisor may expose a limited amount of data to a peer partition in specific shared processor configurations during certain operations. Vulnerability Details CVEID:CVE-2025-36194 DESCRIPTION: IBM PowerVM hypervisor may expose a limited amount of data to a peer partition in...

3.3CVSS5.9AI score0.00113EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 8:22 p.m.11 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server and WebSphere Application Server Liberty due to the January 2026 CPU

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVEs listed in this document might affect some configurations of IBM WebSphere Application Server traditiona...

7.5CVSS6AI score0.00864EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 7:14 p.m.9 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Request Smuggling Vulnerability in Netty (CVE-2025-67735)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the agent-server and server-server inter-communication services. CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In version...

6.5CVSS5.8AI score0.00292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 3:4 p.m.9 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their January 2026 Critical Patch Update. For more information please refer to Oracle's January 2026 CPU Advisory and the CVE links referenced below. Vulnerability Details...

7.5CVSS6AI score0.00864EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 12:48 p.m.6 views

Security Bulletin: Security vulnerability found in the Red Hat Universal Minimal Base Image shipped with CICS Transaction Gateway for Multiplatforms.

Summary A sensitive information exposure is found in the Red Hat Universal Base Image Minimal shipped with CICS Transaction Gateway for Multiplatforms. The CICS Transaction Gateway for Multiplatforms container has been updated to address the vulnerability. Vulnerability Details IBM X-Force ID:...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 10:18 a.m.11 views

Security Bulletin: Enterprise Content Managemant System Monitor for December 2025 - multiple CVEs

Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

7.5CVSS6.4AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 10:15 a.m.7 views

Security Bulletin: Enterprise Content Managemant System Monitor for December 2025 - multiple CVEs

Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

8.6CVSS6.5AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 10:12 a.m.17 views

Security Bulletin: Enterprise Content Managemant System Monitor for July 2025 - multiple CVEs

Summary Enterprise Content Management System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...

7.8CVSS6.6AI score0.0073EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/26 9:58 a.m.13 views

Security Bulletin: Security vulnerabilities found in the Red Hat Universal Minimal Base Image shipped with CICS Transaction Gateway for Multiplatforms

Summary Security vulnerabilities found in the Red Hat Universal Base Image Minimal shipped with CICS Transaction Gateway for Multiplatforms. This fix resolves these vulnerability CVE-2024-28757, CVE-2025-59375, CVE-2025-5372. Vulnerability Details CVEID:CVE-2024-28757 DESCRIPTION: libexpat throug...

8.8CVSS5.8AI score0.02006EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 12:4 p.m.6 views

Security Bulletin: A vulnerability in NanoID affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in NanoID affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-55565 DESCRIPTION: nanoid aka Nano ID before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. CWE:CWE-835: Loop with Unreachable Exit Condition...

4.3CVSS5.7AI score0.00679EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 12:4 p.m.5 views

Security Bulletin: A vulnerability in the cookie package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the cookie package affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-47764 DESCRIPTION: cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie...

6.9CVSS5.9AI score0.00749EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 12:3 p.m.6 views

Security Bulletin: A vulnerability in the serve-static package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the serve-static package affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-43800 DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect may execute...

5CVSS5.8AI score0.00595EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 12:2 p.m.6 views

Security Bulletin: A vulnerability in the Send library affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the Send library affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect...

5CVSS5.7AI score0.00511EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 12:2 p.m.7 views

Security Bulletin: A vulnerability in express.js affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in express.js affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5 Vulnerability Details CVEID:CVE-2024-43796 DESCRIPTION: Express.js minimalist web framework for node. In express 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirec...

5CVSS5.8AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 12:1 p.m.5 views

Security Bulletin: A vulnerability in path-to-regexp affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in path-to-regexp affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5 Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can b...

7.5CVSS5.8AI score0.00932EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 12:0 p.m.6 views

Security Bulletin: A vulnerability in the Async package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in OpenSSL affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async = 2.6.4 and = 3.2.5 are vulnerable to ReDoS Regular Expression Denial of Service while parsing function in autoinject function. NOTE: this...

7.5CVSS5.7AI score0.00812EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 11:59 a.m.9 views

Security Bulletin: A vulnerability in Express.js affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in Express.js affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 and 5 Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are...

6.1CVSS5.8AI score0.00786EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 11:58 a.m.5 views

Security Bulletin: A vulnerability in the jackson-core package affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerability in the jackson-core package affect IBM® Db2® Big SQL 7.8 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The methods in the classes listed below fail to...

5.9AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 11:57 a.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL.

Summary Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL 7 on Cloud Pak for Data 4.8 and earlier Vulnerability Details CVEID:CVE-2023-45853 DESCRIPTION: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long...

9.8CVSS8AI score0.02918EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 11:56 a.m.4 views

Security Bulletin: A vulnerabilities in NPM package `braces` affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary A vulnerabilities in NPM package braces affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.8 and 5.0 and earlier. Vulnerability Details CVEID:CVE-2024-4068 DESCRIPTION: The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could...

7.5CVSS5.8AI score0.01471EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/25 11:19 a.m.12 views

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed

Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-7647 DESCRIPTION: The llama-index-core package, up to version 0.12.44, contains a...

8.7CVSS5.5AI score0.00408EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/23 8:43 p.m.25 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2025-66418 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression cha...

8.9CVSS6.9AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/23 1:33 p.m.6 views

Security Bulletin: Vulnerability in jshttp on-headers affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Vulnerability in jshttp on-headers affect IBM® Db2® Big SQL 8.2.0 on IBM Cloud Pak for Data 5.2 Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in...

3.4CVSS5.7AI score0.00174EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/23 1:32 p.m.12 views

Security Bulletin: Vulnerability in juliangruber brace-expansion affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Vulnerability in juliangruber brace-expansion affect IBM® Db2® Big SQL 8.2 on IBM Cloud Pak for Data 5.2 and earlier Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as...

3.1CVSS4.1AI score0.00459EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608