35608 matches found
Security Bulletin: IBM Storage Protect Server is susceptible to a vulnerability due to Golang CoreDNS library
Summary Golang CoreDNS library is used by the IBM Storage Protect Server OSSM component. Golang CoreDBS is vulnerable to Denial of service , This bulletin identifies the steps to address the vulnerabilities. CVE-2025-58063. Vulnerability Details CVEID:CVE-2025-58063 DESCRIPTION: CoreDNS is a DNS...
Security Bulletin: IBM Storage Protect Server is vulnerable to remote compromise by unauthenticated attacker with network access via multiple protocols due to IBM SDK, Java (CVE-2025-50106, CVE-2025-30749, CVE-2025-30761,CVE-2025-30754)
Summary IBM SDK, Java is vulnerable to remote compromise by unauthenticated attacker with network access via multiple protocols IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the...
Security Bulletin: Security Configuration vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Protect Operations Center (CVE-2024-56339)
Summary IBM WebSphere Application Server Liberty is vulnerable to a security configuration attack which can affect IBM Spectrum Protect formerly Tivoli Storage Manager Operations Center. Vulnerability Details CVEID:CVE-2024-56339 DESCRIPTION: IBM WebSphere Application Server 9.0 and WebSphere...
Security Bulletin: Multiple vulnerabilities in IBM QRadar SIEM
Summary Multiple vulnerabilities were addressed in IBM QRadar SIEM version 7.5.0 UP14 IF02 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrit...
Security Bulletin: IBM Storage Protect Server is susceptible to a vulnerability due to Golang coredns library
Summary Golang coredns library is used by the IBM Storage Protect Server Object Agent and OSSM component. Golang coredns is vulnerable to Denial of Service, This bulletin identifies the steps to address the vulnerabilities. CVE-2025-47950. Vulnerability Details CVEID:CVE-2025-47950 DESCRIPTION:...
Security Bulletin: Vulnerability in IBM Java may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management
Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Space Management and IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by ulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.0
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotatio...
Security Bulletin: Multiple Vulnerabilities affect IBM Watson Studio in Cloud Pak for Data.
Summary Multiple vulnerabilities have been addressed in IBM Watson Studio in Cloud Pak for Data version 5.2.2 Vulnerability Details CVEID:CVE-2024-3568 DESCRIPTION: The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the...
Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms.
Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address these vulnerabilities Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js...
Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard.
Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard. IBM WebSphere Liberty has been updated within IBM CICS TX Standard to address these vulnerabilities. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before...
Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced.
Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address these vulnerabilities. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before...
Security Bulletin: IBM Storage Protect Operations Center is vulnerable to improper access control and stack overflow due to IBM SDK, Java (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)
Summary IBM SDK, Java is vulnerable to improper access control and stack overflow, IBM Storage Protect Operations Center uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
Security Bulletin: IBM Storage Protect Server is vulnerable to improper access control and stack overflow due to IBM SDK, Java (CVE-2025-21587, CVE-2025-30698, CVE-2025-4447)
Summary IBM SDK, Java is vulnerable to improper access control and stack overflow, IBM Storage Protect Server uses IBM SDK, Java and may be affected by this vulnerability. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses torch - 2.2.0+cpu which is vulnerable to CVE-2025-32434.
Summary IBM Maximo Application Suite - Monitor Component uses torch - 2.2.0+cpu which is vulnerable to CVE-2025-32434. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-32434 DESCRIPTION: PyTorch is a Python package that provides tensor...
Security Bulletin: Apache Tomcat Improper Resource Shutdown Enables Made You Reset Attack, affects watsonx.data
Summary Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be...
Security Bulletin: Moby Multiple Concurrency and NULL Pointer Dereference Vulnerabilities Leading to DoS and Data Corruption, affects watsonx.data
Summary Multiple vulnerabilities affect Moby across versions 25.x–26.0.2, including a NULL pointer dereference in daemon/images/imagehistory.go v25.0.0–v26.0.2 that can crash the daemon, a race condition in builder/builder-next/adapters/snapshot/layer.go v25.0.5 that allows concurrent builds to...
Security Bulletin: Oracle Java SE and GraalVM 2D Component Remote Code Execution Vulnerability, affects watsonx.data
Summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and...
Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale if the HDFS layer is enabled are now addressed in 5.2.3.5 (CVE-2025-58056, CVE-2025-58057)
Summary The following vulnerabilities, which may affect IBM Storage Scale when the HDFS layer is enabled and could lead to weaker-than-expected security, have been remediated in Storage Scale version 5.2.3.5 or later: CVE-2025-58056, CVE-2025-58057 Vulnerability Details CVEID:CVE-2025-58056...
Security Bulletin: Vulnerabilities in gnutls affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in gnutls affect IBM Storage Virtualize products and could cause denial of service, confidentiality and integrity impacts. CVE-2025-32988 CVE-2025-32989. Vulnerability Details CVEID:CVE-2025-32988 DESCRIPTION: A flaw was found in GnuTLS. A double-free vulnerability exists ...
Security Bulletin: Multiple vulnerabilities in IBM Controller
Summary Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor...
Security Bulletin: Multiple vulnerabilities in IBM Controller
Summary Multiple vulnerabilities were addressed in IBM Controller 11.1.2. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could...
Security Bulletin: IBM Edge Data Collector uses http-proxy-middleware - 2.0.7 which is vulnerable to CVE-2025-32996, CVE-2025-32997.
Summary IBM Edge Data Collector uses http-proxy-middleware - 2.0.7 which is vulnerable to CVE-2025-32996, CVE-2025-32997. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-32996 DESCRIPTION: In http-proxy-middleware before 2.0.8 and 3.x before...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6051.
Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6051. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-6051 DESCRIPTION: A Regular Expression Denial of Service...
Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to C-Ares
Summary C-Ares is used in IBM DataPower Gateway's DNS resolver Vulnerability Details CVEID:CVE-2025-31498 DESCRIPTION: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS...
Security Bulletin: IBM QRadar SIEM is affected by an information disclosure vulnerability
Summary IBM QRadar SIEM is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update. Vulnerability Details CVEID:CVE-2024-56464 DESCRIPTION: IBM QRadar SIEM could allow a privileged user to enumerate...
Security Bulletin: gRPC HTTP/2 HPACK Desynchronization Vulnerability Allowing Header Leakage and Privilege Escalation, affects watsonx.data
Summary When gRPC encountered an exceeded header size error, it stopped parsing the remainder of the HPACK frame. This also prevented HPACK dynamic table updates from being processed, causing the sender and receiver HPACK tables to fall out of sync. In environments using an HTTP 2 proxy in front ...
Security Bulletin: Jetty HTTP/2 Unvalidated SETTINGS_MAX_HEADER_LIST_SIZE Leads to Out-of-Memory DoS , affects watsonx.data
Summary In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGSMAXHEADERLISTSIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-5197.
Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-5197. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-5197 DESCRIPTION: A Regular Expression Deni...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6921.
Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6921. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-6921 DESCRIPTION: The huggingface/transformers library,...
Security Bulletin: IBM Edge Data Collector usescurve25519-dalek-3.2.0.crate which is vulnerable to CVE-2024-58262.
Summary IBM Edge Data Collector usescurve25519-dalek-3.2.0.crate which is vulnerable to CVE-2024-58262. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-58262 DESCRIPTION: The curve25519-dalek crate before 4.1.3 for Rust has a constant-time...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK (October 2025) affect IBM InfoSphere Information Server
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in October 2025. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified...
Security Bulletin: Denial of Service Vulnerability in jackson-core affect IBM Cloud Pak System[WS-2022-0468]
Summary Denial of Service Vulnerability in jackson-core was addressed in IBM Cloud Pak System version 2.3.6.0. Vulnerability Details ID:WS-2022-0468 DESCRIPTION: The jackson-core package is vulnerable to a Denial of Service DoS attack. The methods in the classes listed below fail to restrict inpu...
Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Tivoli Netcool Configuration Manager (ITNCM), is affected by SMTP injection due to Jakarta Mail(CVE-2025-7962).
Summary WebSphere Application Server, used by IBM Tivoli Netcool Configuration Manager ITNCM, is affected by SMTP injection due to Jakarta Mail. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions...
Security Bulletin: Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability (CVE-2025-8885).
Summary Due to the use of FIPS 140-2 Bouncy Castle Crypto package, IBM EntireX is vulnerable to an Allocation of Resources Without Limits or Throttling vulnerability CVE-2025-8885. The FIPS 140-2 Bouncy Castle Crypto package has been updated in order to address the vulnerability. Vulnerability...
Security Bulletin: Multiple vulnerabilities in IBM Disconnected Log Collector
Summary Multiple vulnerabilities were addressed in IBM Disconnected Log Collector version 2.0.0. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...
Security Bulletin: A vulnerability in IBM Java Runtime used by the IBM Installation Manager and IBM Packaging Utility
Summary There is a vulnerability in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVE and we recommend updating to the latest version to remediate...
Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-46653...
Security Bulletin: WebSphere Application Server Liberty is could provide weaker than expected security due to crypto.js
Summary WebSphere Application Server Liberty is could provide weaker than expected security due to crypto.jsCVE-2020-36732 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)
Summary There is a vulnerability in the Jakarta Mail library which affects IBM WebSphere Application Server traditional JavaMail and affects WebSphere Application Server Liberty with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details CVEID:CVE-2025-7962...
Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway
Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attacke...
Security Bulletin: Multiple vulnerabilities in IBM QRadar Use Case Manager app
Summary Multiple vulnerabilities were addressed in IBM QRadar Use Case Manager app version 4.1.0 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2025-36251, CVE-2025-36250), insufficiently protected credentials (CVE-2025-36096), and path traversal (CVE-2025-36236)
Summary Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands CVE-2025-36251, CVE-2025-36250, obtain Network Installation Manager NIM private keys CVE-2025-36096, or traverse directories CVE-2025-36236. These vulnerabilities are addressed through the fixes referenced ...
Security Bulletin: Elasticsearch node crash triggered by crafted pipeline using PatternBank recursion, affects watsonx.data
Summary A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigne...
Security Bulletin:Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.7.0 Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Security Bulletin:Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.7.0 Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to 3.24.0, there is a potential data...
Security Bulletin: Vulnerability in IBM Java may affect IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments and IBM Storage Protect for Space Management
Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Space Management and IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by DDL component that could allow a remote attacker to cause high confidentiality...
Security Bulletin: Due to use of Business Automation Workflow, Cloud Pak System is affected by out-of-bounds write vulnerability [CVE-2022-42920]
Summary IBM Business Automation Workflow is shipped as IBM Business Automation Workflow Pattern Type pType of IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL has a number of APIs that would normally only allow changing specific class...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service with HTTP/2 and vulnerable to CVE-2025-36047.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service with HTTP/2 and vulnerable to CVE-2025-36047. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service which is vulnerable to CVE-2025-36000.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service which is vulnerable to CVE-2025-36000. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-36000...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a security bypass in JMS messaging which is vulnerable to CVE-2025-36124.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a security bypass in JMS messaging which is vulnerable to CVE-2025-36124. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...