35661 matches found
Security Bulletin: Security vulnerabilities have been found in IBM Library Support for Spring 2.7.29 and 3.2.17 (CVE-2025-41253, CVE-2025-41254)
Summary IBM Library Support for Spring has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2025-41254 DESCRIPTION: STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Product...
Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-37891]
Summary The urllib3 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-37891 Vulnerability Details CVEID:CVE-2024-37891 DESCRIPTION: urllib3 could allow a remote authenticated attacker to obtain sensitive information...
Security Bulletin: Due to the use of IBM WebSphere Application Server, IBM Tivoli Network Manager (ITNM) IP Edition is affected by an SMTP injection vulnerability caused by Jakarta Mail(CVE-2025-7962)
Summary WebSphere Application Server, used by IBM Tivoli Network Manager ITNM IP Edition, is affected by an SMTP injection vulnerability caused by Jakarta Mail. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.12.0 Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty...
Security Bulletin: IBM Rhapsody Systems Engineering is using next-15.4.7.tgz which is vulnerable to CVE-2025-55182
Summary A security vulnerability was identified in the Next.js package used in IBM Rhapsody Systems Engineering. The issue is resolved by updating to a non-vulnerable patched version to ensure the continued security and reliability of the product. Vulnerability Details CVEID:CVE-2025-55182...
Security Bulletin: Multiple vulnerabilities that affect IBM Db2 Intelligence Center (CVE-2025-47913, CVE-2022-25927, CVE-2025-6493, CWE-400, CWE-1333, CVE-2025-14687
Summary Multiple vulnerabilties fixed with Db2 Intelligence Center 1.1.3. Vulnerability Details CVEID:CVE-2025-47913 DESCRIPTION: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVSS Source: CISA ADP CVSS Base...
Security Bulletin: Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager (FNCM) component Content Search Services (CSS) / Enterprise Content Management Text Search (ECMTS)
Summary Apache uimaj-core.jar security vulnerability CVE-2022-32287 and CVE-2023-39913 in FileNet Content Manager FNCM component Content Search Services CSS / Enterprise Content Management Text Search ECMTS Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM Edge Data Collector uses next-15.5.5.tgz which is vulnerable to CVE-2025-55182.
Summary IBM Edge Data Collector uses next-15.5.5.tgz which is vulnerable to CVE-2025-55182. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-55182 DESCRIPTION: A pre-authentication remote code execution vulnerability exists in React Server...
Security Bulletin: Multiple components with known vulnerabilities in IBM QRadar SIEM
Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM version 7.5.0 UP14 IF03 Vulnerability Details CVEID:CVE-2025-39718 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skbput...
Security Bulletin: IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO (CVE-2024-47554)
Summary IBM App Connect Enterprise Toolkit and IBM Integration Bus for z/OS Toolkit are vulnerable to Uncontrolled Resource Consumption due to Apache Commons IO. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The...
Security Bulletin: Vulnerability in requests affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-35195]
Summary The requests package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-35195 Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypass security...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature enabled. Vulnerability Details Refer to the security...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for remediation below. Vulnerability...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues
Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2021-3572...
Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM Enterprise Application Service for Java (CVE-2025-7962)
Summary IBM Enterprise Application Service for Java is affected by a vulnerability in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separa...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability (CVE-2025-12635)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a cross-site scripting vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products and...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to improper input validation in logback-core [CVE-2025-11226]
Summary IBM Watson Speech Services Cartridge is vulnerable to improper input validation, due to an issue with conditional configuration file processing in logback-core CVE-2025-11226. Logback-core is used in our java microservices. This vulnerabilitiy has been addressed. Please read the details f...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Bouncy Castle [CVE-2025-12194]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Uncontrolled Resource Consumption in Bouncy Castle, due to an issue in Java LTS bcprov-lts8on on All API modules that allows Excessive Allocation. CVE-2025-12194. Bouncy Castle is used in our service runtimes. This vulnerabilitiy ha...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future [CVE-2025-50817]
Summary IBM Watson Speech Services Cartridge is vulnerable to an arbitrary code execution in Python-Future, due to the unintended import of a file named test.py. CVE-2025-50817. Python-Future is used in our service runtimes. This vulnerabilitiy has been addressed. Please read the details for...
Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2025-27516]
Summary The Jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2025-27516 Vulnerability Details CVEID:CVE-2025-27516 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an authentication bypass in Spring Security [CVE-2025-41248]
Summary IBM Watson Speech Services Cartridge is vulnerable to an authentication bypass in Spring Security, due to an issue where annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch [CVE-2025-3730]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch, caused by a flaw in PyTorch 2.6.0 that affects the function torch.nn.functional.ctc CVE-2025-3730. PyTorch is used in our service runtimes. This vulnerabilitiy has been addressed...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an infinate loop condition in CPython [CVE-2025-8194]
Summary IBM Watson Speech Services Cartridge is vulnerable to an infinate loop condition in CPython, due to a defect in the CPython "tarfile" module affecting the "TarFile" extraction and entry enumeration APIs CVE-2025-8194 . CPython is used in our service runtimes. This vulnerabilitiy has been...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in MinIO [CVE-2025-59952]
Summary IBM Watson Speech Services Cartridge is vulnerable to a sensitive information exposure in MinIO, due to an unintended behavior with XML tag values CVE-2025-59952. MinIO is used in our java microservices. This vulnerabilitiy has been addressed. Please read the details for remediation below...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4517]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in Python that allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". CVE-2025-4517. Python is used in our speech service runtimes. This vulnerabilitiy...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Authorization in Spring Framework [CVE-2025-41249]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Authorization in Spring Framework, due to an issue where the annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch [CVE-2025-2953]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Resource Shutdown or Release in PyTorch, due to an issue found in PyTorch 2.6.0+cu124 that affects the function torch.mkldnnmaxpool2d CVE-2025-2953. PyTorch is used in our service runtimes. This vulnerabilitiy has been...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4138]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in in Python that allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. CVE-2025-4138. Python is us...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2025-4330]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal due to an issue in Python that allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata CVE-2025-4330. Python is used i...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python [CVE-2024-12718]
Summary IBM Watson Speech Services Cartridge is vulnerable to a path traversal in Python, due to issues with filter="data" or file permissions chmod with filter="tar" which allow modifying some metadata of files outside the extraction directory CVE-2024-12718. Python is used in our speech service...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an incorrect calculation in python [CVE-2025-4435]
Summary IBM Watson Speech Services Cartridge is vulnerable to an incorrect calculation in python, due to an issue with 'TarFile.errorlevel = 0 ' that causes filtered members to be skipped and not extracted CVE-2025-4435. Python is used in our speech service runtimes. This vulnerabilitiy has been...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Denial of Service due to snake-yaml (CVE-2022-25857)
Summary IBM App Connect Enterprise Toolkit is vulnerable to Denial of Service due to snake-yaml. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service DoS due missing to nested depth limitation for...
Security Bulletin: Vulnerability in urllib3 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-43804, CVE-2023-45803]
Summary The urllib3 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEsCVE-2023-43804, CVE-2023-45803 Vulnerability Details CVEID:CVE-2023-43804 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. urllib3...
Security Bulletin:Vulnerability in OpenSSH affects IBM Netezza Appliance
Summary The OpenSSH package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-26465 Vulnerability Details CVEID:CVE-2025-26465 DESCRIPTION: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle...
Security Bulletin: Vulnerability in OpenPrinting CUPS affects IBM Netezza Appliance
Summary The OpenPrinting CUPS package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-58060, CVE-2025-58364 Vulnerability Details CVEID:CVE-2025-58060 DESCRIPTION: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like...
Security Bulletin:Vulnerability in Netty affects IBM Netezza Appliance
Summary The Netty package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-55163 Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and...
Security Bulletin:Vulnerability in libxml2 affects IBM Netezza Appliance
Summary The libxml2 package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-32415 Vulnerability Details CVEID:CVE-2025-32415 DESCRIPTION: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-bas...
Security Bulletin: IBM MQ Appliance is affected by Java vulnerabilities (CVE-2025-52057 and CVE-2025-53066)
Summary IBM MQ Appliance has addressed Java vulnerabilities. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause no confidentiality impact, high integrity impact, and no availabili...
Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-56326, CVE-2024-56201]
Summary The Jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-56326, CVE-2024-56201 Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, An oversig...
Security Bulletin: IBM MQ is affected by multiple Java vulnerabilities (CVE-2025-53057, CVE-2025-53066)
Summary Multiple issues were identified with the IBM Runtime Environment, Java Technology Edition and IBM Semeru Runtime Environment which are shipped with IBM MQ Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component coul...
Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Match 360 On Cloud Pak for Data
Summary Lineage, an internal component of IBM Knowledge Catalog, and the IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability i...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Prototype Pollution flaw due to lodash.clonedeep
Summary lodash.clonedeep is used by BM watsonx Orchestrate Developer Edition as part of images: agentic-task-manager, wxo-builder-ui, wxo-connections Vulnerability Details CVEID:CVE-2018-16487 DESCRIPTION: A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge,...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Exposed Dangerous Method or Function, Origin Validation Error due to webpack-dev-server
Summary webpack-dev-server is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2025-30359 DESCRIPTION: webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1,...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-site Scripting due to serialize-javascript
Summary serialize-javascript is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat image Vulnerability Details CVEID:CVE-2024-11831 DESCRIPTION: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Improper Input Validation due to postcss
Summary postcss is used by IBM watsonx Orchestrate Developer Edition as part of wxo-chat Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepa...