Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 4:6 p.m.10 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to command injection due to the Netty package (CVE-2025-59419)

Summary Netty is used by DataStage on Cloud Pak for Data as part of the event processing functionality. Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec ...

6.9CVSS7.7AI score0.01617EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 1:5 p.m.6 views

Security Bulletin: IBM B2B Advanced Communications is affected by vulnerability in XStream

Summary IBM B2B Advanced Communications has addressed a vulnerability in XStream library shipped with product CVE-2024-47072. Vulnerability Details CVEID:CVE-2024-47072 DESCRIPTION: XStream is a simple library to serialize objects to XML and back again. This vulnerability may allow a remote...

7.5CVSS7.3AI score0.02015EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 12:56 p.m.10 views

Security Bulletin: IBM B2B Advanced Communications is affected by multiple vulnerabilities in log4j

Summary IBM B2B Advanced Communications has addressed vulnerabilities in log4j shipped with productCVE-2022-0084 CVE-2020-36518 CVE-2021-37136 CVE-2022-23913 CVE-2022-24785 Vulnerability Details CVEID:CVE-2022-0084 DESCRIPTION: A flaw was found in XNIO, specifically in the notifyReadClosed method...

7.5CVSS7.3AI score0.05664EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 12:43 p.m.6 views

Security Bulletin: IBM B2B Advanced Communications is affected by vulnerabilities in kjd/idna library

Summary IBM B2B Advanced Communications has addressed vulnerabilities in idna library shipped with product CVE-2024-3651. Vulnerability Details CVEID:CVE-2024-3651 DESCRIPTION: A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version...

7.5CVSS6.3AI score0.01386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 9:35 a.m.8 views

Security Bulletin: Due to use of Apache Commons Text, IBM Operations Analytics - Log Analysis is affected by Remote Code Execution Attacks

Summary Apache Commons Text in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the string manipulation and interpolation. CVE-2025-46295. Vulnerability Details CVEID:CVE-2025-46295 DESCRIPTION: Apache Commons Text versions prior to 1.10.0 included interpolation features...

9.8CVSS7.9AI score0.00919EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 7:39 a.m.6 views

Security Bulletin: Vulnerability in protobuf-c affects IBM Netezza Appliance

Summary The protobuf-c package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2022-48468 Vulnerability Details CVEID:CVE-2022-48468 DESCRIPTION: protobuf-c before 1.4.1 has an unsigned integer overflow in parserequiredmember. CWE:CWE-190: Integer...

5.5CVSS6.8AI score0.00366EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 4:37 a.m.7 views

Security Bulletin: Due to use of Eclipse Jersey, IBM Sterling External Authentication Server is affected by unauthorized trust in insecure servers.

Summary IBM Sterling External Authentication Server is affected by a vulnerability in Eclipse Jersey and it is addressed in the latest fixpack Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL...

9.4CVSS6.7AI score0.00271EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/13 2:27 a.m.14 views

Security Bulletin: IBM Terracotta affected by Spring Framework vulnerabilities CVE-2022-22965, CVE-2022-22970, CVE-2025-41242

Summary Spring Framework vulnerabilities CVE-2022-22965, CVE-2022-22970, CVE-2025-41242 are addressed in the IBM Teracotta product Vulnerability Details CVEID:CVE-2022-22965 DESCRIPTION: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution RCE vi...

9.8CVSS7.9AI score0.99677EPSS
Exploits104Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/12 11:20 p.m.9 views

Security Bulletin: Security vulnerabilities have been found in IBM Application Gateway (CVE-2024-26458, CVE-2025-3576, CVE-2025-36397, CVE-2025-36396)

Summary Security vulnerabilities have been addressed in IBM Application Gateway. Vulnerability Details CVEID:CVE-2024-26458 DESCRIPTION: Kerberos 5 aka krb5 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c. CWE:CWE-401: Missing Release of Memory after Effective Lifetime CVSS Source: I...

5.9CVSS6.3AI score0.00815EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/12 11:3 p.m.14 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2023-51767 DESCRIPTION: OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the...

9.8CVSS8.5AI score0.9378EPSS
Exploits26Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/12 5:46 p.m.12 views

Security Bulletin: Multiple Vulnerabilities in IBM Datacap

Summary Multiple vulnerabilities were addressed in IBM Datacap version 9.1.10 released on December 19, 2025. Vulnerability Details CVEID:CVE-2022-23302 DESCRIPTION: JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the...

9.8CVSS8.5AI score0.66537EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/12 5:35 p.m.13 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2025.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in...

9.1CVSS6.5AI score0.54862EPSS
Exploits8Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/12 4:28 p.m.6 views

Security Bulletin: Uncontrolled Resource Consumption Vulnerability in Apache Commons IO XmlStreamReader, affects watsonx.data

Summary Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended ...

4.3CVSS6.6AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/12 3:11 p.m.7 views

Security Bulletin: Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow Containers 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details CVEID:CVE-2025-36058 DESCRIPTION: IBM Cloud Pak for Business Automatio...

7.5CVSS6.2AI score0.01075EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/12 3:9 p.m.6 views

Security Bulletin: IBM HTTP Server, which is bundled with WebSphere Remote Server, is affected by multiple vulnerabilities due to libexpat and the included Apache HTTP Server

Summary IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM HTTP Server has been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

6.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 7:4 p.m.6 views

Security Bulletin: A vulnerability in IBM Java SDK and IBM Java Runtime affects IBM® Db2®. (Oct 2025 CPU)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7.1.5.26 and earlier, 8.0.8.50 and earlier, and IBM Semeru Version 21.0.8.0 and earlier used by IBM® Db2®. These issues were disclosed as part of the IBM Java SDK updates in October 2025. Vulnerability Details...

5.9CVSS5.5AI score0.00487EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 3:40 p.m.10 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Denial-of-Service (DoS) due to use of jose4j library

Summary jose.4.j library in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the secure token-based authentication and encryption mechanisms. CVE-2024-29371. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.5, an attacker can cause a...

7.5CVSS6.8AI score0.00244EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 3:21 p.m.11 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by an improper input validation due to Apache Commons HttpClient

Summary Apache Commons HttpClient is used by IBM Operations Analytics - Log Analysis as part of the standards-based Java library for executing HTTP requests. CVE-2012-6153, CVE-2012-5783. Vulnerability Details CVEID:CVE-2012-6153 DESCRIPTION: http/conn/ssl/AbstractVerifier.java in Apache Commons...

5.8CVSS6.6AI score0.09254EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 2:40 p.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Tivoli Network Manager (CVE-2025-53066, CVE-2025-53057).

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 17, used by IBM Tivoli Network Manager IP Edition v4.2 core components. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote...

7.5CVSS6.6AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 5:26 a.m.7 views

Security Bulletin: JSSE Vulnerability in Oracle Java SE and GraalVM Products, affects watsonx.data

Summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 a...

4.8CVSS5.3AI score0.00381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 5:25 a.m.9 views

Security Bulletin: Data Binding Validation Bypass in Spring Framework, affects watsonx.data

Summary There are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: 6.2.0 - 6.2.6 6.1.0 - 6.1.19 6.0.0 - 6.0.27 5.3.0 - 5.3.42 Older, unsupported versions are also affected Mitigation Users of affected versions should...

5.3CVSS6.6AI score0.00631EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 5:25 a.m.6 views

Security Bulletin: Potential Leakage of Proxy Credentials During Cross-Origin Redirects affect IBM watsonx.data

Summary Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-4673 DESCRIPTION: Proxy-Authorization and Proxy-Authenticate headers persisted on...

6.8CVSS6.8AI score0.0056EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 3:46 a.m.6 views

Security Bulletin: IBM SPSS Analytic Server is affected by weaker than expected security due to crypto.js in IBM WebSphere Application Server Liberty (CVE-2020-36732)

Summary IBM SPSS Analytic Server is affected by weaker than expected security due to crypto.js in IBM WebSphere Application Server Liberty. CVE-2020-36732. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2....

5.3CVSS6.5AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 3:44 a.m.6 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in zookeeper (CVE-2018-8012, CVE-2019-0201, CVE-2023-44981, CVE-2017-5637)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in zookeeper CVE-2018-8012, CVE-2019-0201, CVE-2023-44981, CVE-2017-5637. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2018-8012 DESCRIPTION: No authentication/authorization is enforced...

9.1CVSS7.3AI score0.73654EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 12:45 a.m.8 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access Digital Credentials (CVE-2025-56200, CVE-2025-64118, CVE-2025-59343)

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access Digital Credentials Vulnerability Details CVEID:CVE-2025-56200 DESCRIPTION: A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to par...

8.7CVSS6.2AI score0.00516EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 4:47 p.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Console

Summary Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.8. Vulnerability Details CVEID:CVE-2025-61780 DESCRIPTION: Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in...

7.5CVSS6.4AI score0.00868EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 4:34 p.m.7 views

Security Bulletin: IBM Storage Ceph is vulnerable to an Origin Validation Error in Grafana (CVE-2024-57965)

Summary Axios is a dependency of Grafana, and Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Grafana. CVE-2024-57965 Vulnerability Details CVEID:CVE-2024-57965 DESCRIPTION: In axios before 1.7.8,...

9.8CVSS6.9AI score0.00356EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 3:7 p.m.6 views

Security Bulletin: IBM Controller is vulnerable to a Path Traversal vulnerability

Summary IBM Controller has addressed a Path Traversal vulnerability present in Spring Framework MVC applications Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet...

5.9CVSS6.6AI score0.01916EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 1:15 p.m.5 views

Security Bulletin: IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang (CVE-2025-48924).

Summary IBM SPSS Analytic Server is affected by a vulnerability in Apache Commons Lang CVE-2025-48924. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache...

5.3CVSS6.7AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 11:35 a.m.20 views

Security Bulletin: Due to use of IBM SDK, Java Technology Edition, IBM Tivoli Application Dependency Discovery Manager is vulnerable to multiple vulnerabilities.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM Tivoli Application Dependency Discovery Manager TADDM. Vulnerability Details CVEID:CVE-2024-21235 DESCRIPTION: Vulnerability in Java SE component: Hotspot. Difficult to exploit vulnerability allows...

5.3CVSS5.2AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 11:13 a.m.10 views

Security Bulletin: Due to use of Eclipse Jetty, IBM Sterling Connect:Direct Web Services is affected by denial-of-service (DoS) attack.

Summary Eclipse Jetty is used by IBM Sterling Connect:Direct Web Services CVE-2024-8184, CVE-2024-6763. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote which can be exploited by unauthorized users to cause remote...

6.5CVSS6.4AI score0.01037EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 6:1 a.m.9 views

Security Bulletin: Uncontrolled Resource Allocation in Bouncy Castle Java PKIXCertPathReviewer Leading to Excessive Allocation, which affects IBM watsonx.data

Summary Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All API modules allows...

6.3CVSS6.8AI score0.0043EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 5:59 a.m.7 views

Security Bulletin: Firewalld Reload Breaks Docker Bridge Network Isolation in Moby (Pre-28.0.0), affects watsonx.data

Summary Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to...

5.2CVSS6.7AI score0.00152EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 5:59 a.m.3 views

Security Bulletin: Remote Exploitable Java SE Serialization Weakness Causing Partial DoS, affects watsonx.data

Summary Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of...

3.7CVSS5.5AI score0.01157EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/08 5:25 a.m.12 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2018-16487 DESCRIPTION: A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or...

8.4CVSS8AI score0.25151EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 7:36 p.m.11 views

Security Bulletin: IBM Spectrum Symphony with IBM WebSphere Application Server Liberty is vulnerable to a denial of service

Summary IBM Spectrum Symphony with IBM WebSphere Application Server Liberty is vulnerable to a denial of service Vulnerability Details CVEID:CVE-2025-36124 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions...

7.5CVSS6.5AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 7:36 p.m.7 views

Security Bulletin: vulerability in IBM Spectrum Symphony with spring webmvc

Summary vulerability in IBM Spectrum Symphony with spring webmvc Vulnerability Details CVEID:CVE-2025-41242 DESCRIPTION: Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable whe...

5.9CVSS6.6AI score0.01916EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 7:35 p.m.6 views

Security Bulletin: multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java API

Summary multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java TLS API Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the...

6.3CVSS6.6AI score0.00505EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 6:46 p.m.6 views

Security Bulletin: IBM Sterling Connect:Direct FTP+ is vulnerable to various attacks due to IBM Runtime Environment Java Technology Edition Version 17

Summary IBM Java 17 is used by IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms in product configuration and data transmission. IBM Sterling Connect:Direct FTP+ on AIX, Linux, and Windows platforms is impacted by vulnerabilities in IBM Java 17. IBM Sterling Connect:Direct FTP...

7.5CVSS6.3AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 5:6 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM Controller

Summary Multiple vulnerabilities were addressed in IBM Controller. Vulnerability Details CVEID:CVE-2024-4067 DESCRIPTION: The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the...

7.5CVSS6.1AI score0.13258EPSS
Exploits4Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 12:54 p.m.8 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2025-12635)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

5.4CVSS5.8AI score0.00139EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 12:49 p.m.9 views

Security Bulletin: Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow - CVE-2025-48976

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 12:30 p.m.14 views

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.15.0 shipped with IBM Cloud Pak for Business Automation iFixes for December 2025.

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation December 2025 security fixes update this dependency beyond 4.15.0 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2016-10540 DESCRIPTION: Minimatc...

9.1CVSS9.1AI score0.2241EPSS
Exploits12Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 12:28 p.m.6 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2025-53066, CVE-2025-53057)

Summary Multiple Vulnerabilities were disclosed as part of the JAVA October 2025 Critical Patch Update affecting IBM® SDK, Java™ Technology Edition in IBM License Key Server Administration and Reporting Tool ART and Administration Agent. For more information please refer to Oracle's CPU Advisory...

7.5CVSS6.2AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 12:26 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow traditional

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

6.6AI score
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 11:7 a.m.8 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by two vulnerabilities due to LZ4-java

Summary LZ4-java is a data compression library used by Netty and Apache Kafka. When LZ4-java is used to decompress untrusted data, remote attackers could cause Denial of Service and/or access sensitive data by sending crafted malicious input. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION...

8.8CVSS6.4AI score0.00647EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 10:46 a.m.4 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)

Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin...

6.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 9:0 a.m.5 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by CSRF Token Replay Attack

Summary IBM Operations Analytics – Log Analysis uses CSRF tokens to prevent unauthorised actions from being performed by an attacker on behalf of an authenticated user. CVE-2024-40685. Vulnerability Details CVEID:CVE-2024-40685 DESCRIPTION: IBM SmartCloud Analytics - Log Analysis is vulnerable to...

4.3CVSS6.6AI score0.00128EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 6:7 a.m.8 views

Security Bulletin: Kafka client library upgraded to kafka-clients-3.9.1

Summary Kafka client library upgraded to kafka-clients-3.9.1. Vulnerability Details CVEID:CVE-2025-27818 DESCRIPTION: A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to...

8.8CVSS6.9AI score0.62368EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/07 4:13 a.m.5 views

Security Bulletin: Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities disclosed in IBM Semeru Runtime affect IBM SPSS Collaboration and Deployment Services CVE-2025-53057, CVE-2025-53066. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java S...

7.5CVSS6.3AI score0.00633EPSS
Exploits0Affected Software1
Total number of security vulnerabilities35608