35778 matches found
Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues due to Java SDK (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933, CVE-2026-21925)
Summary IBM B2B Advanced Communications has addressed vulnerabilities in Java SDK shipped with product. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause...
Security Bulletin: IBM B2B Advanced Communications is vulnerable to issues due to Java SDK (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)
Summary IBM B2B Advanced Communications has addressed vulnerabilities in Java SDK shipped with product. Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server used by IBM Rational ClearQuest (CVE-2026-9319)
Summary IBM WebSphere Application Server is used by the IBM Rational ClearQuest server. Information about security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: Multiple vulnerabilities impacts AIX due to cURL libcurl (CVE-2026-1965, CVE-2026-3783, CVE-2026-3784)
Summary Multiple vulnerabilities in the curl/libcurl are related to unauthorized access. Vulnerability Details CVEID:CVE-2026-1965 DESCRIPTION: libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool o...
Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in Apache Log4j
Summary SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in Apache Log4j. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-34479 DESCRIPTION: The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape...
Security Bulletin: This Power Hardware Management Console update is being released to address CVE-2026-12943
Summary Vulnerability in Power Hardware Management Console HMC could allow an unauthenticated attacker to gain elevated privileges and execute arbitrary commands. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-12943 DESCRIPTION: Management systems in IBM Power...
Security Bulletin: This PowerVM Novalink update is being released to address CVE-2026-12943
Summary A vulnerability on PowerVM Novalink could allow an unauthenticated attacker to gain elevated privileges and execute arbitrary commands. PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2026-12943 DESCRIPTION: Management systems in IBM Power environments H...
Security Bulletin: IBM WebSphere Application Server is affected by server-side request forgery (CVE-2026-9006)
Summary IBM WebSphere Application Server is affected by a server-side request forgery vulnerability with the Ajax Proxy configured. Vulnerability Details CVEID:CVE-2026-9006 DESCRIPTION: IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery SSRF with the Ajax...
Security Bulletin: Multiple vulnerabilities within WebSphere Application Server Liberty, affect IBM Tivoli Monitoring.
Summary Multiple vulnerabilities within KCCI WebSphere Liberty Server which is included as part of IBM Tivoli Monitoring ITM portal server have been addressed. Vulnerability Details CVEID:CVE-2026-5516 DESCRIPTION: IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSpher...
Security Bulletin: IBM WebSphere Application Server is affected by multiple vulnerabilities (CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)
Summary IBM WebSphere Application Server is affected by cross-sight scripting and path traversal vulnerabilities. Vulnerability Details CVEID:CVE-2026-11712 DESCRIPTION: IBM WebSphere Application Server is affected by a cross-site scripting vulnerability in the administrative console help system...
Security Bulletin: IBM WebSphere eXtreme Scale's OQL is affected by remote code execution
Summary IBM WebSphere eXtremes Scale's OQL is affected by remote code execution CVE-2026-13772 Vulnerability Details CVEID:CVE-2026-13772 DESCRIPTION: WebSphere eXtreme Scale's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors wit...
Security Bulletin: IBM WebSphere eXtreme Scale is affected by server side request forgery when ORB is used as Transport Protocol
Summary IBM WebSphere eXtremes Scale is affected by server side request forgery when ORB is used as Transport Protocol CVE-2026-13773 Vulnerability Details CVEID:CVE-2026-13773 DESCRIPTION: Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call...
Security Bulletin: IBM WebSphere eXtreme Scale is affected by Insecure Deserilization
Summary IBM WebSphere eXtreme Scale is affected by Insecure Deserilization of untrusted data CVE-2026-13759 Vulnerability Details CVEID:CVE-2026-13759 DESCRIPTION: WebSphere eXtreme Scale ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream,...
Security Bulletin: This Power System update is being released to address CVE-2025-66199
Summary The OpenSSL package is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerability, CVE-2025-66199, by upgrading PowerVM and thus addressing the exposu...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.2.0
Summary Multiple vulnerabilities were addressed in IBM Process Mining 2.2.0 Vulnerability Details CVEID:CVE-2026-22021 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can...
Security Bulletin: Apache Kafka CVE-2026-35554 security vulnerability in FileNet Content Manager reported for BAI-EVENTS-JAVA-SDK
Summary Apache Kafka CVE-2026-35554 security vulnerability in FileNet Content Manager. Affected and vulnerable Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to...
Security Bulletin: Due to use of log4j-core, IBM webMethods BPM is vulnerable to Improper Validation of Certificate with Host Mismatch and Improper Output Neutralization for Logs
Summary IBM webMethods BPM tool is dependant on log4j-core which is affected by known vulnerabilities - CVE-2026-34477 and CVE-2026-34478 Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it...
Security Bulletin: Vulnerability impacts AIX due to cURL libcurl (CVE-2026-5545).
Summary A logic error allows libcurl to reuse an existing Negotiate-authenticated connection even when a new request specifies different credentials for the same server. Vulnerability Details CVEID:CVE-2026-5545 DESCRIPTION: libcurl might in some circumstances reuse the wrong connection when aske...
Security Bulletin: IBM Event Endpoint Management is affected by multiple vulnerabilities
Summary IBM Event Endpoint Management is affected by multiple vulnerabilities which are fixed in IBM Event Endpoint Management version 11.8.0 Vulnerability Details CVEID:CVE-2026-2391 DESCRIPTION: Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma:...
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities
Summary IBM Event Streams is affected by multiple vulnerabilities which are addressed in IBM Event Streams version 13.0.0 Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An...
Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...
Security Bulletin: Security vulnerability has been identified in WebSphere Application Server and Websphere Application Server Liberty shipped with IBM Guardium Key Lifecycle Manager (GKLM)
Summary WebSphere Application Server and Websphere Application Server Liberty is shipped as a component of IBM Guardium Key Lifecycle Manager GKLM. Information about a security vulnerability affecting WebSphere Application Server and Websphere Application Server Liberty has been published in a...
Security Bulletin: Security vulnerabilities have been found in WebSphere Application Server and Websphere Application Server Liberty shipped with IBM Guardium Key Lifecycle Manager (GKLM)
Summary WebSphere Application Server and Websphere Application Server Liberty is shipped as a component of IBM Guardium Key Lifecycle Manager GKLM. Information about security vulnerabilities affecting WebSphere Application Server and Websphere Application Server Liberty has been published in a...
Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-handler-4.1.133.Final.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-handler-4.1.133.Final.jar Vulnerability Details CVEID:CVE-2026-45416 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...
Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-handler-4.1.133.Final.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-handler-4.1.133.Final.jar Vulnerability Details CVEID:CVE-2026-44249 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final an...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-4.1.129.Final.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-4.1.129.Final.jar Vulnerability Details CVEID:CVE-2026-42583 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a...
Security Bulletin: Due to use of IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Vulnerabilities found in IBM Storage Scale affect IBM Cloud Pak System. These vulnerabilities were addressed in IBM Cloud Pak System v2.3.5.1. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in sinatra-2.0.5.gem
Summary IBM Watson Discovery Cartridge affected by vulnerability in sinatra-2.0.5.gem Vulnerability Details CVEID:CVE-2022-36359 DESCRIPTION: An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-handler-4.1.133.Final.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-handler-4.1.133.Final.jar Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in log4j-core-2.25.2.jar
Summary IBM Watson Discovery Cartridge affected by vulnerabilities in log4j-core-2.25.2.jar Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl
Summary IBM Watson Discovery Cartridge affected by vulnerability in pypdf-6.7.3-py3-none-any.whl Vulnerability Details CVEID:CVE-2026-31826 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to...
Security Bulletin: Security vulnerability has been found in WebSphere Application Server shipped with IBM Guardium Key Lifecycle Manager (SKLM/GKLM)
Summary WebSphere Application Server is shipped as a component of IBM Guardium Key Lifecycle Manager SKLM/GKLM. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed...
Security Bulletin: Maximo AI Service uses langchain_core-0.3.81-py3-none-any.whl which is vulnerable to CVE-2026-26013.
Summary Maximo AI Service uses langchaincore-0.3.81-py3-none-any.whl which is vulnerable to CVE-2026-26013. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-26013 DESCRIPTION: LangChain is a framework for building agents and...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0 Vulnerability Details CVEID:CVE-2026-13449 DESCRIPTION: IBM Business Automation Manager Open Editions is vulnerable t...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.5.0 Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Thrift (CVE-2026-43869 & CVE-2026-41603)
Summary IBM Integration Bus for z/OS is vulnerable to Improper Validation of Certificate with Host Mismatch due to Apache Thrift. Vulnerability Details CVEID:CVE-2026-43869 DESCRIPTION: Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-5.0.5.tgz which is vulnerable to CVE-2026-45149
Summary IBM Maximo Application Suite - Visual Inspection component uses brace-expansion-5.0.5.tgz which is vulnerable to CVE-2026-45149. This bulletin contains information regarding the vulnerability and its remediation Vulnerability Details CVEID:CVE-2026-45149 DESCRIPTION: The brace-expansion...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.
Summary Maximo AI Service uses pdfminersix-20251107-py3-none-any.whl, requests-2.32.5-py3-none-any.whl, langchaincore-0.3.81-py3-none-any.whl, pythondotenv-1.0.1-py3-none-any.whl, langchaintextsplitters-0.3.11-py3-none-any.whl, qs-6.15.1.tgz, idna-3.10-py3-none-any.whl, idna-3.14-py3-none-any.whl...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.
Summary Maximo AI Service uses accelerate-1.6.0-py3-none-any.whl, protobuf-4.25.8-cp37-abi3-manylinux2014x8664.whl, pillow-10.3.0-cp311-cp311-manylinux228x8664.whl, langchain-0.3.23-py3-none-any.whl, nltk-3.9.1-py3-none-any.whl, langchaincore-0.3.81-py3-none-any.whl,...
Security Bulletin: Maximo AI Service uses cryptography-46.0.6-cp311-abi3-manylinux_2_34_x86_64.whl and tomcat-embed-core-10.1.54.jar which are vulnerable to CVE-2026-39892, CVE-2026-41293, CVE-2026-43512, CVE-2026-43513 and CVE-2026-43515.
Summary Maximo AI Service uses cryptography-46.0.6-cp311-abi3-manylinux234x8664.whl and tomcat-embed-core-10.1.54.jar which are vulnerable to CVE-2026-39892, CVE-2026-41293, CVE-2026-43512, CVE-2026-43513 and CVE-2026-43515. This bulletin contains information regarding the vulnerability and its...
Security Bulletin: IBM Maximo Application Suite uses ip-address-10.1.0.tgz and fast-xml-builder-1.1.5.tgz which are vulnerable to CVE-2026-44664, CVE-2026-44665 and CVE-2026-42338.
Summary IBM Maximo Application Suite uses ip-address-10.1.0.tgz and fast-xml-builder-1.1.5.tgz which are vulnerable to CVE-2026-44664, CVE-2026-44665 and CVE-2026-42338. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-42338...
Security Bulletin: IBM Maximo Application Suite uses urllib3-2.6.3-py3-none-any.whl which is vulnerable to CVE-2026-44431 and CVE-2026-44432.
Summary IBM Maximo Application Suite uses urllib3-2.6.3-py3-none-any.whl which is vulnerable to CVE-2026-44431 and CVE-2026-44432. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-44431 DESCRIPTION: urllib3 is an HTTP client...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager and IBM Tivoli Netcool Impact
Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager and IBM Tivoli Netcool Impact. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details...
Security Bulletin: Weak Cryptographic Key Derivation Exposed All Stored Credentials
Summary A critical vulnerability in the credential encryption system allowed attackers to decrypt all stored API keys, database passwords, and OAuth tokens. The system used Python's non-cryptographic Mersenne Twister PRNG seeded with the SECRETKEY to derive Fernet encryption keys for credentials...
Security Bulletin: Flow Validation Bypass via Empty Component Type Field
Summary A vulnerability in flow validation logic allowed attackers to bypass custom component restrictions by submitting flow nodes with empty or missing type fields. When custom components were disabled, the validator silently skipped nodes lacking a type value instead of blocking them, enabling...
Security Bulletin: Code Injection via Custom Component Endpoint with Authentication Bypass
Summary A code injection vulnerability was identified in the custom component endpoint that allowed execution of arbitrary Python code through the component creation process. The vulnerability was compounded by an authentication bypass feature where AUTOLOGIN was enabled by default, allowing...
Security Bulletin: Insecure Deserialization in Redis Cache Backend
Summary A deserialization vulnerability was identified in the Redis cache service that could allow attackers with network access to the Redis instance to execute arbitrary code. The cache service used dill.loads to deserialize cached values without integrity verification, enabling attackers to...
Security Bulletin: Code Injection Vulnerability in Code Validation Endpoint
Summary A code injection vulnerability was identified in the code validation endpoint that allowed authenticated users to execute arbitrary code on the server. The vulnerability existed in the validation logic which compiled and executed function definitions to check for import errors. Attackers...