Lucene search
K

35778 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:23 p.m.9 views

Security Bulletin: Disk Cache Deserialization Remote Code Execution Vulnerability

Summary A remote code execution vulnerability was discovered in the disk-based caching mechanism. The vulnerability arose from unsafe deserialization of pickle data in cache services, which processed cached items without validation or integrity checks. An attacker who could influence or tamper wi...

6.6AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:23 p.m.5 views

Security Bulletin: Authentication Bypass in Webhook Endpoints Allowed Unauthorized Flow Execution

Summary A vulnerability in the webhook authentication logic allowed unauthenticated users to trigger execution of any flow. The system incorrectly bypassed API key validation when the WEBHOOKAUTHENABLE configuration was set to False the default setting, allowing remote attackers who knew a flow's...

6.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:22 p.m.5 views

Security Bulletin: Policies Component Dynamic CodeInput Fields Bypass Custom Component Validation

Summary A validation bypass existed in the flow component code verification mechanism. The custom component policy enforcement validated only the main component code field but did not extend validation to dynamic CodeInput fields used by the Policies component. An authenticated user could craft a...

6.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:13 p.m.8 views

Security Bulletin: Incomplete Security Scanner Blocklist Enables Network-Based Code Execution

Summary A security vulnerability was identified in the code security scanner where the DANGEROUSIMPORTS blocklist incompletely addressed network-based code execution risks. While subprocess module imports were correctly blocked, socket and urllib standard library modules were omitted from the...

6.4AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 5:47 p.m.4 views

Security Bulletin: Multiple vulnerabilities within WebSphere Application Server, affect IBM Tivoli Monitoring.

Summary Multiple vulnerabilities within WebSphere Application Server which is included as part of IBM Tivoli Monitoring ITM portal server have been addressed. Vulnerability Details CVEID:CVE-2026-4410 DESCRIPTION: IBM WebSphere Application Server - Liberty 19.0.0.7 through 26.0.0.5 and IBM...

9.1CVSS6.4AI score0.00508EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 5:9 p.m.4 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty (bundled with IBM Enterprise Application Runtimes) affected by multiple vulnerabilities using Web Server Plug-ins (CVE-2026-9072, CVE-2026-8858, CVE-2026-10852)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by remote code execution and a denial of service when using the optional and separately installable Web Server Plug-ins for IBM WebSphere...

9.8CVSS6.4AI score0.00409EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 4:17 p.m.6 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2019-17598 DESCRIPTION: An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests usin...

8.1CVSS6.6AI score0.09254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 1:57 p.m.7 views

Security Bulletin: The IBM Common Licensing using IBM® SDK, Java™ Technology Edition affected by multiple vulnerabilities

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their January 2026 Critical Patch Update. For more information please refer to Oracle's January 2026 CPU Advisory and the CVE links referenced below. IBM Common Licensing i...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 12:55 p.m.3 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in golang.org/x/net

Summary Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in golang.org/x/net. CVE-2026-33814 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loo...

7.5CVSS6.6AI score0.00781EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 12:43 p.m.3 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in net

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in net. CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-39821, CVE-2026-42502, CVE-2026-42506 The vulnerabilities have been addressed. Vulnerability Details...

9.6CVSS6.9AI score0.00478EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 11:8 a.m.8 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition v4.2. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in the below mentioned security bulletins. Vulnerability Details Refer to the...

5.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 10:48 a.m.3 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.25 LTS and 13.3.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

9.1CVSS7.1AI score0.01263EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 10:42 a.m.5 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to multiple CVEs

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality and denial of service due to multiple CVEs. This bulletin provides patch information to address the vulnerabilities Vulnerability Details CVEID:CVE-2026-56761 DESCRIPTION: hono...

9.1CVSS7.1AI score0.0086EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 9:52 a.m.6 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Businsess Automation Workflow (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171,CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

9.3CVSS5.8AI score0.00474EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 9:32 a.m.3 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2026-8644)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID:CVE-2026-8644 DESCRIPTION: IBM WebSphere...

9.1CVSS5.7AI score0.0033EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 9:29 a.m.3 views

Security Bulletin: WebSphere Application Server traditional shipped with IBM Tivoli System Automation Application Manager is affected by remote code execution (CVE-2026-9319)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID:CVE-2026-9319 DESCRIPTION: CWE:CWE-502:...

9CVSS6.3AI score0.00458EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:26 a.m.4 views

Security Bulletin:IBM webMethods Integration could allow an unauthenticated remote attacker to execute arbitrary code on the system due to the deserialization of untrusted data

Summary WmServiceMock is bundled with IBM webMethods Integration Server. Remediation steps are provided below CVE-2026-12118 Vulnerability Details CVEID:CVE-2026-12118 DESCRIPTION: IBM webMethods Integration could allow an unauthenticated remote attacker to execute arbitrary code on the system du...

6.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:14 a.m.5 views

Security Bulletin: IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty may be affected by identity spoofing (CVE-2026-3621)

Summary IBM WebSphere Application Server Liberty is affected by identity spoofing when the appSecurity feature appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0 is "not enabled" on the server. Following IBM Engineering Lifecycle Management products are...

7.5CVSS5.8AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 7:5 a.m.4 views

Security Bulletin: IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty may be affected by server-side request forgery (CVE-2026-1561)

Summary IBM WebSphere Application Server Liberty is affected by server-side request forgery with the samlWeb-2.0 feature enabled. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, Global...

5.4CVSS7.3AI score0.00284EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/02 5:15 a.m.4 views

Security Bulletin: Multiple Security Vulnerabilities in Apache-MINA libraries used by IBM Tivoli Netcool Configuration Manager

Summary Multiple vulnerabilities in the third-party Apache-MINA libraries used by IBM Tivoli Netcool Configuration Manager have been addressed. Vulnerability Details CVEID:CVE-2026-42778 DESCRIPTION: The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X branches. Here was the original...

10CVSS7.4AI score0.23932EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 10:38 p.m.4 views

Security Bulletin: Due to the use of OpenSSL, IBM EntireX is vulnerable to multiple vulnerabilities

Summary Due to the use of OpenSSL, IBM EntireX is vulnerable to multiple vulnerabilities CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34182, CVE-2026-42766, CVE-2026-42770, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447. To address the vulnerabilities, the version of OpenSSL used by IBM...

9.1CVSS7.9AI score0.02719EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 10:0 p.m.5 views

Security Bulletin: IBM MQ for HPE NonStop is affected by vulnerabilities in OpenSSL

Summary IBM MQ for HPE NonStop is affected by OpenSSL vulnerabilities CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790, CVE-2026-2673. Vulnerability Details CVEID:CVE-2026-28387 DESCRIPTION: Issue summary: An uncommon configuration of clients performi...

9.8CVSS8AI score0.01059EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:59 p.m.3 views

Security Bulletin: IBM MQ for HPE NonStop is vulnerable to an issue in zlib (CVE-2026-27171)

Summary IBM MQ for HPE NonStop is vulnerable to an issue in versions of zlib, due to excessive CPU consumption when inputs are not properly validated. Vulnerability Details CVEID:CVE-2026-27171 DESCRIPTION: zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combinegen64 because...

5.5CVSS6AI score0.00204EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:59 p.m.3 views

Security Bulletin: IBM MQ for HPE NonStop may disclose a password within trace output (CVE-2025-36100)

Summary IBM MQ for HPE NonStop Java and JMS may display a password when trace is enabled. Vulnerability Details CVEID:CVE-2025-36100 DESCRIPTION: IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through...

5.5CVSS5.9AI score0.00094EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:58 p.m.3 views

Security Bulletin: IBM MQ for HPE NonStop is vulnerable to a denial of serviceable issue (CVE-2024-54175)

Summary IBM MQ for HPE NonStop channel agent amqrmppa process fails and produces FDC records after an improper condition check. Vulnerability Details CVEID:CVE-2024-54175 DESCRIPTION: IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow a local user to cause a denial of service due to an...

5.5CVSS5.8AI score0.00133EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:58 p.m.4 views

Security Bulletin: IBM MQ for HPE NonStop is affected by denial of service vulnerability (CVE-2025-27365)

Summary IBM MQ for HPE NonStop has addressed a denial of service vulnerability CVE-2025-27365 when a Client connects to an MQ Queue Manager Vulnerability Details CVEID:CVE-2025-27365 DESCRIPTION: IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0,...

6.5CVSS6.5AI score0.00313EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:30 p.m.9 views

Security Bulletin: Nomad vulnerable to arbitrary file read/write on client host through symlink attack

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-695...

6CVSS5.9AI score0.00169EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 9:29 p.m.10 views

Security Bulletin: Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-7474 DESCRIPTION: A user with...

8.8CVSS6.1AI score0.06892EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 7:41 p.m.5 views

Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Netcool Impact 7.1.1.0

Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.1.1 Vulnerability Details CVEID:CVE-2026-42198 DESCRIPTION: pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of...

9.1CVSS6.1AI score0.0077EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 6:28 p.m.40 views

Security Bulletin: Audit Log Plugin Directory Guard Bypass via Legacy path Option

Summary HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17. Vulnerability Detail...

4.4CVSS5.7AI score0.00278EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 5:55 p.m.3 views

Security Bulletin: IBM DataPower Gateway affected by XML external entity injection (CVE-2025-36374)

Summary IBM DataPower Gateway affected by XML external entity injection CVE-2025-36374 Vulnerability Details CVEID:CVE-2025-36374 DESCRIPTION: IBM DataPower Gateway is vulnerable to an XML external entity injection XXE attack when processing XML data. A privileged user could exploit this...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 5:53 p.m.5 views

Security Bulletin: IBM DataPower Gateway affected by prototype pollution due to Axios (CVE-2026-42264)

Summary Axios is used by the UI and Gateway Director components of IBM DataPower Gateway Vulnerability Details CVEID:CVE-2026-42264 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL,...

9.1CVSS7AI score0.00715EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 5:52 p.m.4 views

Security Bulletin: IBM DataPower Gateway affected by denial of service (CVE-2026-12733)

Summary IBM DataPower Gateway affected by denial of service CVE-2026-12733 Vulnerability Details CVEID:CVE-2026-12733 DESCRIPTION: IBM DataPower Gateway could allow a remote attacker to cause a denial of service due to improper resource limitations. CWE:CWE-770: Allocation of Resources Without...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 5:37 p.m.4 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 8.0.9-IF0002 Vulnerability Details CVEID:CVE-2026-5598 DESCRIPTION: Covert timing channel vulnerability in Legion of the...

9.9CVSS7.1AI score0.00691EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 5:21 p.m.3 views

Security Bulletin: Multiple vulnerabilities reported in jQuery library shipped in IBM WebSphere eXtreme Scale Monitoring Console

Summary Multiple vulnerabilities reported in jQuery library shipped in IBM WebSphere eXtreme Scale Monitoring Console CVE-2020-11023, CVE-2020-7656,CVE-2019-11358,CVE-2021-41182,CVE-2021-41183,CVE-2021-41184,CVE-2022-31160 Vulnerability Details CVEID:CVE-2020-11023 DESCRIPTION: In jQuery versions...

6.9CVSS6.3AI score0.87218EPSS
Exploits15Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 5:11 p.m.5 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager and IBM Tivoli Netcool Impact

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager and IBM Tivoli Netcool Impact. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details...

7.5CVSS5.8AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 5:11 p.m.4 views

Security Bulletin: IBM Tivoli Netcool Impact and IBM Tivoli Business Service Manager is vulnerable to man-in-the-middle attack due to Axis2 (CVE-2012-5785)

Summary Apache Axis2 is shipped with IBM Tivoli Netcool Impact and IBM Tivoli Business Service Manager as part of Web Services component. Information about security vulnerability affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID:CVE-2012-5785...

5.8CVSS7.3AI score0.02206EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 5:10 p.m.5 views

Security Bulletin: IBM Tivoli Netcool Impact and IBM Tivoli Business Service Manager is vulnerable to multiple vulnerabilities due to DB2 JDBC Driver

Summary DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter, and is shipped DB2 driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerability affecting DB2 JDBC driver has been...

8.8CVSS7.3AI score0.00647EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 4:49 p.m.3 views

Security Bulletin: Vulnerabilities in Apache Tomcat Server library (CVE-2026-41293, CVE-2026-24880) affect Power HMC.

Summary The Apache Tomcat Server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2026-41293 DESCRIPTION: Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1...

9.8CVSS7.1AI score0.01339EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 4:9 p.m.3 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-40895)

Summary IBM Security SOAR uses an older version of the follow-redirects component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.1 Vulnerability Details CVEID:CVE-2026-40895...

7.5CVSS7.1AI score0.00486EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 2:21 p.m.3 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerability in uuid

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerability in uuid. CVE-2026-41907 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122...

9.3CVSS5.8AI score0.00337EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 2:15 p.m.4 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for June 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF008. These vulnerabilities have been also adressed in 24.0.0-IF007, 25.0.0-IF005 and 25.0.1-IF001. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the...

9.9CVSS7.4AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 2:12 p.m.7 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in ws

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in ws. CCVE-2026-45736 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-45736 DESCRIPTION: ws is an open source WebSocket client and server for Node.js. Pri...

7.5CVSS5.8AI score0.00745EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 1:54 p.m.3 views

Security Bulletin: Vulnerability in openssh library (CVE-2026-3497) affects Power HMC.

Summary The openssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-3497 DESCRIPTION: Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patch...

8.2CVSS7.3AI score0.0218EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 1:54 p.m.3 views

Security Bulletin: Vulnerabilities in IBM Semeru SDK (CVE-2026-34282, CVE-2026-22016, CVE-2026-23865, CVE-2026-22021, CVE-2026-22018, CVE-2026-22008, CVE-2026-34268, CVE-2026-22007) affect Power HMC.

Summary The IBM Semeru SDK library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2026-34282 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

7.5CVSS6.5AI score0.00702EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 1:54 p.m.3 views

Security Bulletin: Vulnerability in nghttp2 library (CVE-2026-27135) affects Power HMC.

Summary The nghttp2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-27135 DESCRIPTION: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library...

7.5CVSS7.1AI score0.00775EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 1:53 p.m.3 views

Security Bulletin: Vulnerability in libxml2 library (CVE-2025-9714) affects Power HMC.

Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-9714 DESCRIPTION: Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a...

6.2CVSS6.2AI score0.00144EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 1:53 p.m.4 views

Security Bulletin: Vulnerabilities in xorg-x11-server library (CVE-2026-33999, CVE-2026-34001, CVE-2026-34003) affect Power HMC.

Summary The xorg-x11-server library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2026-33999 DESCRIPTION: A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility...

7.8CVSS7.2AI score0.0038EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 1:52 p.m.3 views

Security Bulletin: Vulnerability in openssh library (CVE-2026-35387) affects Power HMC.

Summary The openssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-35387 DESCRIPTION: OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or...

6.5CVSS5.8AI score0.00237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 1:52 p.m.3 views

Security Bulletin: Vulnerabilities in kernel library (CVE-2025-68724, CVE-2026-31431) affect Power HMC.

Summary The kernel library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-68724 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in...

7.8CVSS6.8AI score0.96267EPSS
Exploits230Affected Software1
Total number of security vulnerabilities35778