Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8, which is vulnerable to stored cross-site scripting.
Summary Security Bulletin: IBM Maximo Application Suite Predict Component uses IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8, which is vulnerable to stored cross-site scripting. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Predict Component is affected by a DoS vulnerability caused by allocation of resources for multipart headers with insufficient limits.
Summary Security Bulletin: IBM Maximo Application Suite Predict Component is affected by a DoS vulnerability caused by allocation of resources for multipart headers with insufficient limits. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect App Connect Professional
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issues were disclosed as part of the IBM Java SDK updates in July 2025; App Connect Professional has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2025-50106...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses cross-spawn-6.0.5.tgz which is vulnerable to CVE-2024-21538. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID: CVE-2024-21538 DESCRIPTION: Versions of the...
Security Bulletin: IBM Operational Decision Manager for Sept 2025 - Multiple CVEs addressed
Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third-party and open source components used in the product for various functions. See the full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2025-27818...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in reactor-netty-http
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in reactor-netty-http Vulnerability Details CVEID:CVE-2025-22227 DESCRIPTION: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen,...
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2024-23337 DESCRIPTION: jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, t...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component is affected by an Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component is affected by an Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC, whose applications can be vulnerable to a traversal vulnerability.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Spring Framework MVC, whose applications can be vulnerable to a traversal vulnerability. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID: CVE-2025-41242 DESCRIPTION:...
Security Bulletin: IBM Maximo Application Suite Ai-Service Component is affected by an Improper Resource Shutdown or Release vulnerability related to the MadeYouReset attack.
Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component is affected by an Improper Resource Shutdown or Release vulnerability related to the MadeYouReset attack. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID: CVE-2025-48989...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700
Summary IBM Virtualization Engine TS7700 is susceptible to two Tampering and Information Disclosure issues (CVE-2025-21587, CVE-2025-30698) and one Tampering and Denial of Service issue (CVE-2025-4447) allowing unauthorized data access, due to the use of IBM® SDK Java™ Technology Edition, Version 8. Vulnerability Details...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in Python.
Summary IBM Virtualization Engine TS7700 is susceptible to two Tampering conditions and one potential Elevation of Privilege issue due to the use of Python (CVE-2025-0938, CVE-2025-47273, CVE-2025-1795). TS7700 uses Python to perform operations with the cloud and internal system configuration tasks...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Information Disclosure due to the use of IBM Db2
Summary IBM Virtualization Engine TS7700 is susceptible to Information Disclosure CVE-2024-40679 due to the use of IBM Db2, which is primarily embedded to store metadata related to the data managed by the TS7700. Vulnerability Details CVEID:CVE-2024-40679 DESCRIPTION: IBM Db2 for Linux, UNIX and...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to Elevation of Privilege conditions due to the use of IBM Storage Virtualize
Summary IBM Virtualization Engine TS7700 is susceptible to Elevation of Privilege conditions due to the use of IBM Storage Virtualize CVE-2025-36120. TS7700 uses IBM Storage Virtualize to perform operations related to storage virtualization and internal system configuration tasks. Vulnerability...
Security Bulletin: IBM QRadar SIEM is affected by privilege escalation (CVE-2025-36007)
Summary IBM QRadar SIEM is affected by privilege escalation due to improper privilege assignment in the App Framework. IBM has addressed the issue in the latest update. Vulnerability Details CVEID:CVE-2025-36007 DESCRIPTION: IBM QRadar SIEM is vulnerable to privilege escalation due to improper...
Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components, e.g. framework libraries, that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2025-38211 DESCRIPTION: In the Linux kernel, the following vulnerability has...
Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to denial of service due to jackson-core. WS-2022-0468.
Summary IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to denial of service due to jackson-core. WS-2022-0468. Vulnerability Details WSID: WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service (DoS) attac...
Security Bulletin: Sensitive Key Exposure in Snowflake JDBC Driver Logging (Versions 3.0.13 – 3.23.0), affects watsonx.data
Summary Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0. When the logging level was set to DEBUG, the Driver would log locally the client-side...
Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to an improper input validation vulnerability due to Apache Axis. CVE-2023-51441.
Summary IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to an improper input validation vulnerability due to Apache Axis. CVE-2023-51441. Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED Improper Input...
Security Bulletin: Reflected File Download (RFD) Vulnerability in Spring Framework Content-Disposition Header Handling (CWE-113), which affects IBM watsonx.data
Summary A Reflected File Download (RFD) vulnerability has been identified in VMware Spring Framework versions 6.0.5 to 6.2.7. The issue arises when an application sets a Content-Disposition response header using ContentDisposition.Builder#filename(String, Charset) with a non-ASCII charset and...
Security Bulletin: Pip Vulnerability Prior to v23.3 Allows Arbitrary Mercurial Configuration Injection via VCS URLs, which affects IBM watsonx.data
Summary When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options into the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and whi...
Security Bulletin: Security Vulnerability in Requests Library: .netrc Credential Leak Fixed in Version 2.32.4, affects IBM watsonx.data
Summary Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can...
Security Bulletin: IBM OpenPages fixes form-data package vulnerability
Summary A vulnerability in the form-data package used by IBM OpenPages has been addressed in the latest IBM OpenPages fix pack versions for 8.3 and 9.0 and the latest mod version for 9.1. Vulnerability Details CVEID: CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...
Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Jul 2025 - Includes OpenJDK July 2025 CPU vulnerabilities
Summary Security Bulletin: OpenPages is vulnerable to IBM Semeru Runtime Quarterly CPU - Jul 2025 - Includes OpenJDK July 2025 CPU vulnerabilities with CVEs CVE-2025-50059, CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754. Vulnerability Details Refer to the security bulletins listed ...
Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 affect IBM OpenPages
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition Quarterly CPU - Jul 2025 has been published in multiple security bulletins. These products have addressed the...
Security Bulletin: urllib3 Redirect Control Vulnerability in Pyodide Runtime (Versions 2.2.0 to <2.5.0), which affects IBM watsonx.data
Summary urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to multiple vulnerabilities due to DB2 (CVE-2025-33092, CVE-2025-33143)
Summary The DB2 JDBC driver is shipped as part of the XMLToolkit component for IBM Tivoli Business Service Manager. Information about security vulnerabilities affecting the DB2 JDBC driver has been published in a security bulletin. Vulnerability Details CVEID: CVE-2025-33092 DESCRIPTION: IBM Db2 for Linux...
Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Netcool Impact
Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.0.37 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...
Security Bulletin: Vulnerabilities in Werkzeug, Twisted-22.10.0-py3, requests-2.32.2-py3, commons-lang-2.6, commons-fileupload-1.5, urllib3-2.2.2, jetty-server-9.4.56.v20240826 affect IBM Cloud Object Storage Systems (Oct 2025)
Summary Vulnerabilities in Werkzeug (CVE-2024-34069, CVE-2023-46136, CVE-2024-49767, CVE-2024-49766), Twisted-22.10.0-py3 (CVE-2024-41810, CVE-2023-46137, CVE-2024-41671), requests-2.32.2-py3 (CVE-2024-47081), urllib3-2.2.2 (CVE-2025-50182, CVE-2025-501810), commons-lang-2.6 (CVE-2025-48924),...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for al...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935.
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID: CVE-2025-47935 DESCRIPTION: Multer is a node.js...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Apache Commons (CVE-2025-48734)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-48734 of Improper Access Control in Apache Commons. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Spring Boot and Spring Security
Summary IBM Sterling Control Center is affected by vulnerabilities in Spring Boot and Spring Security: CVE-2025-22235, CVE-2025-22228 and CVE-2024-38821. Vulnerability Details CVEID: CVE-2025-22235 DESCRIPTION: EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Java
Summary IBM Sterling Control Center is affected by vulnerabilities in IBM Java: CVE-2025-21587, CVE-2025-30698, CVE-2025-2900 and CVE-2025-4447. Vulnerability Details CVEID: CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...
Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in spring-security-core-6.4.5.jar (CVE-2025-41232)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41232 in spring-security-core-6.4.5.jar. Vulnerability Details CVEID:CVE-2025-41232 DESCRIPTION: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an...
Security Bulletin: IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on Windows environments using IWA (CVE-2025-36361)
Summary IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on Windows environments using IWA. Vulnerability Details CVEID: CVE-2025-36361 DESCRIPTION: IBM App Connect Enterprise could allow an authenticated user to perform unauthorized actions on customer-defined resources...
Security Bulletin: Improper Access Control vulnerability in Apache Commons BeanUtils library affects Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48734)
Summary Apache Commons BeanUtils library is used by Tivoli Netcool/OMNIbus WebGUI as part of Filter builder, View builder and Tool admin component. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was...
Security Bulletin: Uncontrolled Recursion vulnerability in Apache Commons Lang library affects Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48924)
Summary Apache Commons Lang library is used by Tivoli Netcool/OMNIbus WebGUI as part of Filter builder, View builder, Tool admin, Menu admin and Event Viewer Preferences component. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang...
Security Bulletin: DoS vulnerability in Apache Commons FileUpload library affects Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48976)
Summary Apache Commons FileUpload library is used by Tivoli Netcool/OMNIbus WebGUI as part of Map Resources admin component. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...
Security Bulletin: Multiple vulnerabilities in IBM DataPower Gateway (OS kernel)
Summary Multiple vulnerabilities were addressed in IBM DataPower Gateway versions 10.5.0.19 and 10.6.0.7. Vulnerability Details CVEID: CVE-2024-50154 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai La...
Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Java runtime
Summary A Java Runtime is bundled with IBM DataPower Gateway and used by some bundled components: CVE-2025-50059, CVE-2025-30754. Vulnerability Details CVEID: CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle...
Security Bulletin: Due to the use of Redis, IBM DataPower Gateway is vulnerable to a denial of service
Summary Redis is used in the API Gateway component and for load balancing: CVE-2025-32023, CVE-2025-48367. Vulnerability Details CVEID: CVE-2025-32023 DESCRIPTION: Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticat...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with Nimbus JOSE + JWT
Summary Vulnerability in IBM Spectrum Symphony with Nimbus JOSE + JWT. Vulnerability Details CVEID: CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with Apache Commons FileUpload
Summary Vulnerability in IBM Spectrum Symphony with Apache Commons FileUpload. Vulnerability Details CVEID: CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with jackson-core
Summary Vulnerability in IBM Spectrum Symphony with jackson-core. Vulnerability Details CVEID: CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with Apache Commons
Summary Vulnerability in IBM Spectrum Symphony with Apache Commons. Vulnerability Details CVEID: CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declare...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with Spring Security
Summary Vulnerability in IBM Spectrum Symphony with Spring Security. Vulnerability Details CVEID: CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with Spring WebMVC
Summary Vulnerability in IBM Spectrum Symphony with Spring WebMVC. Vulnerability Details CVEID: CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HT...
Security Bulletin: Vulnerability in IBM Spectrum Symphony with the okhttp component
Summary Vulnerability in IBM Spectrum Symphony with the okhttp component. Vulnerability Details CVEID: CVE-2023-0833 DESCRIPTION: A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing...