35608 matches found
Security Bulletin: IBM SPSS Analytic Server is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty (CVE-2025-7962)
Summary IBM SPSS Analytic Server is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty CVE-2025-7962. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform ...
Security Bulletin: AIX/VIOS is vulnerable to potential code execution (CVE-2025-61984, CVE-2025-61985) due to OpenSSH
Summary Vulnerabilities in OpenSSH could allow an attacker to execute code CVE-2025-61984, CVE-2025-61985. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain...
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to compromise Java SE
Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU
Summary Db2 Query Management Facility is vulnerable to Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact, and no availability impact...
Security Bulletin: IBM Semeru Runtime Quarterly CPU - Oct 2025 - Includes OpenJDK October 2025 CPU (includes CVE-2025-53057, CVE-2025-53066)
Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2025 - Includes OpenJDK October 2025 CPU includes CVE-2025-53057, CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security...
Security Bulletin: Due to use of servlet feature in IBM WebSphere Application Server Liberty, IBM Operations Analytics - Log Analysis is affected by a security bypass vulnerability
Summary servlet feature in IBM WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of HTTP Servlets support. CVE-2024-56339. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere Application Server...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by incorrect validation of integrity check due to OpenSSH
Summary OpenSSH is used by IBM Operations Analytics - Log Analysis as part of implementations of SSH servers and clients. CVE-2023-48795. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty
Summary Jakarta Mail in IBM WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of sending and receiving emails. CVE-2025-7962. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by...
Security Bulletin: Due to use of Apache Kafka, IBM Operations Analytics - Log Analysis is affected by remote code execution and denial of service.
Summary Apache Kafka in Logstash is used by IBM Operations Analytics - Log Analysis for high-throughput, fault-tolerant, and scalable data processing. CVE-2025-27819, CVE-2025-27818. Vulnerability Details CVEID:CVE-2025-27819 DESCRIPTION: In CVE-2023-25194, we announced the RCE/Denial of service...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by incorrect authorisation and XML external entity (XXE) vulnerabilities due to Apache Solr.
Summary Apache Solr is used by IBM Operations Analytics - Log Analysis as part of managing Solr collection and arbitary local file. CVE-2018-11802, CVE-2018-1308. Vulnerability Details CVEID:CVE-2018-11802 DESCRIPTION: In Apache Solr, the cluster can be partitioned into multiple collections and...
Security Bulletin: Multiple vulnerabilities found in IBM EntireX through the use of webMethods Integration Server.
Summary As IBM EntireX Adapter runs in the webMethods Integration Server and the webMethods Integration Server has been updated in order to address the vulnerabilities, the fix for webMethods Integration Server will need to be applied by IBM EntireX customers. Vulnerability Details...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by improper access control and integer truncation issues due to flaw in Apache Xalan
Summary Apache Xalan in Logstash is used by IBM Operations Analytics - Log Analysis as part of the data transformation and integration. CVE-2014-0107, CVE-2022-34169. Vulnerability Details CVEID:CVE-2014-0107 DESCRIPTION: The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, n...
Security Bulletin: Due to crypto.js in IBM WebSphere Application Server Liberty, IBM Operations Analytics - Log Analysis is affected by weaker than expected security
Summary crypto.js in IBM WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis is use to generate random numbers necessary for cryptographic operations. CVE-2020-36732. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for...
Security Bulletin: IBM watsonx Orchestrate with watsonx Assistant Cartridge is vulnerable to HTTP Request Smuggling due to aiohttp
Summary aiohttp is used by IBM watsonx Orchestrate with watsonx Assistant Cartridge as a part of wxo-server-server image Vulnerability Details IBM X-Force ID: 275957 DESCRIPTION: aio-libs aiohttp is vulnerable to a denial of service, caused by improper validation of user-supplied input. By sendin...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3 Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. CWE:CWE-639:...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.2.2 Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as...
Security Bulletin: Firewalld Reload Bypasses Localhost Port Restrictions in Moby (Docker Engine) Prior to 28.3.3, affects watsonx.data
Summary Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3 Vulnerability Details CVEID:CVE-2023-45289 DESCRIPTION: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to okio-2.8.0.jar
Summary IBM webMethods BPM uses okio-2.8.0.jar for I/O operations to make reading and writing data faster and safer than Java's inbuilt APIs. Vulnerability Details CVEID:CVE-2023-3635 DESCRIPTION: GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer...
Security Bulletin: IBM Event Processing is affected by multiple Vulnerabilities in IBM Operator for Apache Flink
Summary IBM Event Processing is affected by multiple Vulnerabilities in IBM Operator for Apache Flink 1.4.5 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-57352)
Summary IBM Security SOAR uses an older version of min-document that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended customers upgrade to version 51.0.8.1 or later. Vulnerability Details CVEID:CVE-2025-57352 DESCRIPTION...
Security Bulletin: Due to use of Java SE, IBM Security SOAR is affected by unspecified vulnerabilities (CVE-2025-53066 & CVE-2025-53057)
Summary IBM Security SOAR uses Java SE library internally. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no integrity impact, and no availability...
Security Bulletin:IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 - Includes Oracle October 2025 CPU for Rational Software Architect Designer
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition,Versions 8 and Java 17 that are used by Rational Software Architect Designer and Rational Software Architect Designer for Websphere Software. These issues were disclosed as part of the IBM SDK, Java Technology Edition...
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities
Summary IBM Event Streams is affected by multiple vulnerabilities Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected ar...
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing
Summary IBM Event Processing was affected by multiple vulnerabilities. These are affecting the operator and frontend components. Vulnerability Details CVEID:CVE-2025-57752 DESCRIPTION: Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0....
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms
Summary Multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in October 2025 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...
Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities.
Summary IBM Event Endpoint Management is affected by multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2025-53066, CVE-2025-53057)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to...
Security Bulletin: IBM Maximo Application Suite - Predict Component uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124. This bulletin contains information regarding the vulnerability and its fixture. Vulnerabilit...
Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916
Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses bcpkix-jdk18on-1.78.1.jar which is vulnerable to CVE-2025-8916. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of...
Security Bulletin: IBM Maximo Application Suite uses java 17.0.13,github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm,CVE-2025-21502 and CVE-2025-54410
Summary IBM Maximo Application Suite uses java 17.0.13,github.com/go-viper/mapstructure/v2 v2.2.1 and github.com/docker/docker v27.3.1 which is vulnerable to GHSA-2464-8j7c-4cjm,CVE-2025-21502 and CVE-2025-54410. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2025-1550.
Summary IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2025-1550. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-1550 DESCRIPTION: The Keras Model.loadmodel function permits...
Security Bulletin: IBM® IBM Common Licensing using WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)
Summary Vulnerability in javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 features affects IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.11 with specific features enabled. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, and addressed in this...
Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2024-12243 DESCRIPTION: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1,...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with WebSphere Remote Server, are affected by cross-site scripting (CVE-2025-12635)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...
Security Bulletin: Rational Performance Tester contains a vulnerability which could lead to potential remote code execution
Summary Due to the use of the Apache Xalan Java XLST library, Rational Performance Tester contains a vulnerability that could lead to potential remote code execution. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execut...
Security Bulletin: Rational Performance Tester contains a vulnerability that could result in unauthorized data access
Summary Rational Performance Tester use of the Java AsyncHttpClient library can result in unauthorized data access. Vulnerability Details CVEID:CVE-2024-53990 DESCRIPTION: The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP...
Security Bulletin: Rational Performance Tester contains a vulnerability which could affect its use of the JavaScript HTTP client Axios
Summary Due to the use of the JavaScript HTTP client Axios, Rational Performance Tester contains a vulnerability which can result in a potential dential of service attack. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Whe...
Security Bulletin: Due to use of Bouncy Castle Rational Performance Tester is affected by multiple vulnerabilities
Summary Due to the use of Bouncy Castle, Rational Performance Tester contains vulnerabilities which could result a potential denial of service or sensitive information disclosure. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: An issue was discovered in ECCurve.java and ECCurve.cs in...
Security Bulletin: Due to the use of eclipse Jetty Rational Performance Tester is vulnerable to a denial of service
Summary Due to the use of Eclipse Jetty, Rational Performance Tester cotnains vulnerabilities around request processing CVE-2025-5115 Vulnerability Details CVEID:CVE-2025-5115 DESCRIPTION: In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigg...
Security Bulletin: Rational Performance Tester contains vulnerabilities which could result in a potential denial of service
Summary Due to the use of the Jackson Data Processor, Rational Performance Tester contains vulnerabilities could result in a potentail denial of service attack. CVE-2025-52999, CVE-2022-0468 Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental...
Security Bulletin: Rational Performance Tester contains a vulnerability related to use of the Netty framework
Summary Due to the use of Netty, Rational Performance Tester contains a vulnerability which could result in an Out of Memory OOM condition. CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid...
Security Bulletin: Rational Performance Tester contains vulnerabilities related to the Netty framework
Summary Due to the use of Netty, Rational Performance Tester contains vulnerabilities that could allow HTTP request smuggling or a denial of service attack. CVE-2025-58056, CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-12635)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-7962)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...
Security Bulletin: IBM Event Streams is vulnerable to Uncontrolled Recursion vulnerability (CVE-2025-48924)
Summary IBM Event Streams is vulnerable to Uncontrolled Recursion vulnerability due to the use of the Apache Commons Lang artifact. This artifact primarily used for utility functions such as string manipulation, object comparison, and handling common operations that simplify Java development...
Security Bulletin: IBM Event Streams is vulnerable to Weak Encryption (CVE-2025-45767)
Summary IBM Event Streams is vulnerable to weak encryption due to the JOSE library. JOSE is used for JSON Object Signing and Encryption in token-based authentication. Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is...
Security Bulletin: IBM Storage Ceph is vulnerable to HTTP Request/Response Smuggling in Grafana (CVE-2025-22871)
Summary Grafana is used by IBM Storage Ceph as a metrics dashboard. This bulletin identifies the steps to take to address the vulnerability in Golang via Grafana. CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line...
Security Bulletin: IBM Storage Ceph is vulnerable to Exposure of Sensitive Information Through Data Queries in Golang Go (CVE-2023-45288)
Summary Golang Go is used by IBM Storage Ceph as part of RGW and in assorted other locations. CVE-2023-45288 Vulnerability Details CVEID:CVE-2023-45288 DESCRIPTION: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION...