35608 matches found
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issue were disclosed as part of the IBM Java SDK updates in Oct 2025, App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTIO...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions...
Security Bulletin: This Power System update is being released to address CVE-2025-49133
Summary The PowerVM Virtual Trusted Platform Module vTPM feature is impacted by the referenced vulnerability. This issue was fixed in a previous security bulletin for CVE-2025-2884: https://www.ibm.com/support/pages/node/7238453 Vulnerability Details CVEID:CVE-2025-49133 DESCRIPTION: Libtpms is a...
Security Bulletin: Multiple vulnerabilities within WebSphere Application and IBM HTTP Server, affect IBM Tivoli Monitoring.
Summary Multiple vulnerabilities within WebSphere Application and IBM HTTP Server which is included as part of IBM Tivoli Monitoring ITM portal server have been addressed. Vulnerability Details CVEID:CVE-2025-36099 DESCRIPTION: IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to a denia...
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in ICU libraries.
Summary The ucnvUTF8FromUTF8 function in ucnvu8.cpp in International Components for Unicode ICU for C/C++ through 60.1 mishandles ucnvconvertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or...
Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.
Summary IBM ApplinX has been updated in order to address the multiple vulnerabilities CVE-2025-36410, CVE-2025-36409, CVE-2025-36419, CVE-2025-36408, CVE-2025-36418, CVE-2025-36411. Vulnerability Details CVEID:CVE-2025-36410 DESCRIPTION: IBM ApplinX could allow an authenticated user to perform...
Security Bulletin: Multiple Vulnerabilities in IBM Engineering AI hub.
Summary Multiple vulnerabilities were addressed in IBM Engineering AI Hub version 1.1.0. Vulnerability Details CVEID:CVE-2025-58751 DESCRIPTION: Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the publi...
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition for IBM Content Collector for SAP Applications
Summary Multiple Vulnerabilities were disclosed as part of the Oracle January 2026 Critical Patch Update. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impac...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47913
Summary IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/crypto which is vulnerable to CVE-2025-47913. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving...
Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak
Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities in WebSphere Liberty affect IBM Robotic Process Automation for Cloud Pak
Summary Multiple security vulnerabilities in WebSphere Liberty affect IBM Robotic Process Automation for Cloud Pak. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin identifies the fixes required to...
Security Bulletin: A vulnerability in Microsoft Authentication Library affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-27086)
Summary A vulnerability in Microsoft Authentication Library affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation for authentication processing. This bulletin identifies the security fixes to apply to...
Security Bulletin: A vulnerability in grpc affects IBM Robotic Process Automation and may result in unexpected results (CVE-2025-47907).
Summary A vulnerability in grpc affects IBM Robotic Process Automation and may result in unexpected results CVE-2025-47907. grpc is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak
Summary Multiple security vulnerabilities in Go affects IBM Robotic Process Automation for Cloud Pak. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...
Security Bulletin: Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in .NET affect IBM Robotic Process Automation. .NET is used by IBM Robotic Process as part of it's development framework. This security bulletin identifies the fixes required to resolve these vulnerabilities Vulnerability Details CVEID:CVE-2024-29992...
Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in Java affect IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the fixes required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-5305...
Security Bulletin: Multiple security vulnerabilities in Python affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in Python affect IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of Watson NLP. This bulletin identifies the fixes to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-8747 DESCRIPTION: A safe mode...
Security Bulletin: A vulnerability in Watson NLP affects IBM Robotic Process Automation which may result in arbitrary code execution (CVE-2025-1550).
Summary A vulnerability in Watson NLP affects IBM Robotic Process Automation which may result in arbitrary code execution. Watson NLP is used by IBM Robotic Process Automation for Natural Language Processing. This bulletin identifies the fixes required to address the vulnerablity. Vulnerability...
Security Bulletin: Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.
Summary Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX. These vulnerabilities are specifically found in the Sterling Connect:Express Adapter for Sterling B2B Integrator. The Web interface is delivered with this product as an additional component of the services...
Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak
Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base image for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...
Security Bulletin: Confidentiality Vulnerability in IBM Watson Explorer Related to Java SE JAXP
Summary IBM SDK, Java Technology is used within IBM Watson Explorer CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact,...
Security Bulletin:Vulnerability in glib2 affects IBM Netezza Appliance
Summary The glib2 package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-13601, CVE-2025-14512, CVE-2025-14087 Vulnerability Details CVEID:CVE-2025-13601 DESCRIPTION: A heap-based buffer overflow problem was found in glib through an incorrect...
Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring
Summary Multiple Spring Vulnerabilities have been addressed in IBM Library Support for Spring Vulnerability Details CVEID:CVE-2025-41249 DESCRIPTION: The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...
Security Bulletin:Vulnerability in Requests affects IBM Netezza Appliance
Summary The Requests package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2024-47081, CVE-2023-32681, CVE-2024-35195 Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Requests releases...
Security Bulletin: Vulnerability in crypto/x509 affects IBM Netezza Appliance
Summary The crypto/x509 package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-61727, CVE-2025-61729 Vulnerability Details CVEID:CVE-2025-61727 DESCRIPTION: An excluded subdomain constraint in a certificate chain does not restrict the usage of...
Security Bulletin: Remediation of Multiple Apache Struts 1.3.10 Vulnerabilities in IBM Library Support for Struts
Summary Multiple EOL Apache Struts 1.3.10 Vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2025-54656 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Strut...
Security Bulletin: Vulnerability in filelock affects IBM Netezza Appliance
Summary The filelock package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-68146 Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a...
Security Bulletin: Vulnerability in Netty affects IBM Netezza Appliance
Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high...
Security Bulletin: Remediation of Multiple Apache Struts 1.1 Vulnerabilities in IBM Library Support for Struts
Summary Multiple Apache Struts 1.1 Vulnerabilities have been addressed in IBM Library Support for Struts Vulnerability Details CVEID:CVE-2006-1546 DESCRIPTION: Apache Software Foundation ASF Struts before 1.2.9 allows remote attackers to bypass validation via a request with a...
Security Bulletin: Vulnerability in Java affects IBM Netezza Appliance
Summary The Java package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-21502 Vulnerability Details CVEID:CVE-2025-21502 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracl...
Security Bulletin: Remediation of Multiple Apache Struts 2.5.33 Vulnerabilities in IBM Library Support for Struts.
Summary EOL Apache Struts 2.5.33 vulnerability has been addressed in IBM Library Support for Struts. Vulnerability Details CVEID:CVE-2024-53677 DESCRIPTION: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some...
Security Bulletin: Due to the use of go-redis, IBM watsonx.ai on Cloud Pak for Data is vulnerable to out of order response during time-outs
Summary IBM watsonx.ai on Cloud Pak for Data internally uses go-redis CVE-2025-29923 Vulnerability Details CVEID:CVE-2025-29923 DESCRIPTION: go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order...
Security Bulletin: Netty Vulnerability Affects IBM Watson Machine Learning on CP4D (CVE-2021-21295)
Summary Netty is vulnerable to HTTP request smuggling, caused by improper validation of Content-Length header by the Http2MultiplexHandler on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-cor...
Security Bulletin:Vulnerability in Perl affects IBM Netezza Appliance
Summary The Perl package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2020-10543, CVE-2020-10878, CVE-2025-40909, CVE-2020-12723 Vulnerability Details CVEID:CVE-2020-10543 DESCRIPTION: Perl before 5.30.3 on 32-bit platforms allows a heap-based...
Security Bulletin: Vulnerability in Netty affects IBM Netezza Appliance
Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-55163 Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and...
Security Bulletin: IBM WebSphere Automation is affected by MongoDB security vulnerability
Summary IBM WebSphere Automation is affected by a MongoDB security vulnerability CVE-2025-14847. Vulnerability Details CVEID:CVE-2025-14847 DESCRIPTION: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This...
Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation
Summary Multiple security vulnerabilities in Java affect IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the fixes required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-5005...
Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in a denial of service (CVE-2025-58754)
Summary A vulnerability in axios affects IBM Robotic Process Automation and may result in a denial of service. form-data is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...
Security Bulletin: A vulnerability in ASP.NET Core affects IBM Robotic Process Automation and could result in elevated privileges (CVE-2025-7326).
Summary A vulnerability in ASP.NET Core affects IBM Robotic Process Automation and could result in elevated privileges. ASP.NET Core is used by IBM Robotic Process as part of it's development framework. This security bulletin identifies the fixes required to resolve this fvulnerability...
Security Bulletin: A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation for Cloud Pak (CVE-2020-36732).
Summary A security vulnerability in WebSphere Liberty affects IBM Robotic Process Automation for Cloud Pak. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin identifies the fixes required to address this...
Security Bulletin: IBM Sterling Connect:Direct for UNIX Container is affected by vulnerability where hard-coded credentials are embeeded in the product for its internal use.
Summary IBM Sterling Connect:Direct for UNIX Container requires credential for Standard User Mode deployment. This fix removes the hard-coded credentials and uses dynamically generated one during container initialization. Vulnerability Details CVEID:CVE-2025-14115 DESCRIPTION: IBM® Sterling...
Security Bulletin: Bouncy Castle for Java BC-FJA NativeLoader Resource Consumption Issue, affects watsonx.data
Summary Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips API modules allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.NativeLoader. This issue affects Boun...
Security Bulletin: Improper Drive Name Handling in Node.js path.join on Windows, affect watsonx.data
Summary A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root...
Security Bulletin: IBM Controller is vulnerable to exposure of sensitive information
Summary There is a vulnerability in IBM Controller due to the use of hardcoded cryptographic keys for signing session cookies. This Security Bulletin addresses CVE-2025-36326. Vulnerability Details CVEID:CVE-2025-36326 DESCRIPTION: IBM Controller could allow an attacker to obtain sensitive...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to Deserialization of Untrusted Data due to Apache Commons Collections (CVE-2015-6420)
Summary Apache Commons Collections is shipped with IBM Tivoli Business Service Manager as part of its backend process to enhance Java operations. Information about a security vulnerability affecting Apache Commons Collections has been published in a security bulletin. Vulnerability Details...
Security Bulletin: AIX/VIOS is vulnerable to an out-of-bounds read (CVE-2025-9230, CVE-2025-9232) due to OpenSSL
Summary Vulnerabilities in OpenSSL could allow an attacker to trigger an out-of-bounds read CVE-2025-9230, CVE-2025-9232. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt C...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-6493 DESCRIPTION: A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown...
Security Bulletin:Vulnerability in pam affects IBM Netezza Appliance
Summary The pam package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-8941 Vulnerability Details CVEID:CVE-2025-8941 DESCRIPTION: A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local...
Security Bulletin:Vulnerability in gnuTLS affects IBM Netezza Appliance
Summary The gnuTLS package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-6395, CVE-2025-32990, CVE-2025-32989, CVE-2025-32988 Vulnerability Details CVEID:CVE-2025-6395 DESCRIPTION: A NULL pointer dereference flaw was found in the GnuTLS softwa...
Security Bulletin: IBM i Access Client Solutions is vulnerable to an attacker carrying out an XML External Entity injection via a crafted XFA file inside of a PDF (CVE-2025-66516)
Summary IBM i Access Client Solutions is vulnerable to an attacker carrying out an XML External Entity injection via a crafted XFA file inside of a PDF CVE-2025-66516. Apache Tika is used by the Run SQL Scripts feature of IBM i Access Client Solutions to determine the content type of binary colum...