35608 matches found
Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability (CVE-2025-61795).
Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to an Improper Resource Shutdown or Release vulnerability CVE-2025-61795. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2025-61795 DESCRIPTION: Improper...
Security Bulletin: Fixes to common vulnerabilities found in IBM Db2 High Performance Unload
Summary Fixes to common vulnerabilities discovered in IBM Db2 High Performance Unload v12.1 are available to download from IBM. Vulnerability Details CVEID:CVE-2025-33126 DESCRIPTION: IBM Db2 High Performance Unload could allow an authenticated user to cause the program to crash due to the...
Security Bulletin: Vulnerability in NX-OS Firmware and DCNM Software used by IBM c-type SAN directors and switches.
Summary Public disclosed OpenSSL vulnerability in NX-OS Firmware used by IBM c-type SAN directors and switches. The vulnerability has been addressed and can be resolved by applying the NX-OS code and NDFC code levels listed below. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing...
Security Bulletin: Multiple vulnerabilities in IBM Cognos Controller
Summary Multiple vulnerabilities were addressed in IBM Cognos Controller 11.0.1 FP7 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions th...
Security Bulletin: IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-57822.
Summary IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-57822. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-57822 DESCRIPTION: Next.js is a React framework for building full-stack web applications...
Security Bulletin: IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-55173, CVE-2025-57752.
Summary IBM Edge Data Collector uses next-15.3.1.tgz which is vulnerable to CVE-2025-55173, CVE-2025-57752. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-55173 DESCRIPTION: Next.js is a React framework for building full-stack...
Security Bulletin: IBM Edge Data Collector uses axios-1.11.0.tgz which is vulnerable to CVE-2025-58754.
Summary IBM Edge Data Collector uses axios-1.11.0.tgz which is vulnerable to CVE-2025-58754. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Wh...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses csvtojson-2.0.10.tgz which is vulnerable to CVE-2025-57350.
Summary IBM Maximo Application Suite - Monitor Component uses csvtojson-2.0.10.tgz which is vulnerable to CVE-2025-57350. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-57350 DESCRIPTION: The csvtojson package, a tool for...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343.
Summary IBM Maximo Application Suite - Monitor Component uses tar-fs-2.1.3.tgz which is vulnerable to CVE-2025-59343. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for...
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
Summary IBM Guardium Data Security Center has addressed these vulnerabilties with an update. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to Apache Lucene
Summary IBM webMethods BPM uses Apache Lucene in designer-process-feature and metadata-core-feature for text processing and filtering purpose. Vulnerability Details IBM X-Force ID: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular expression...
Security Bulletin: Vulnerabilities in IBM Java included with IBM Tivoli Composite Application Manager for Applications WebSphere MQ Monitoring Agent
Summary Vulnerabilities in IBM SDK Java Technology Edition that is shipped as part of agent framework in ITCAM for Applications WebSphere MQ Monitoring Agent. CVE-2025-53066 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP compone...
Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-48795 CVE-2025-48913)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.2.Final.jar which is vulnerable to CVE-2025-55163.
Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http2-4.2.2.Final.jar which is vulnerable to CVE-2025-55163. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous,...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses requests-2.32.2-py3-none-any.whl, requests-2.32.3-py3-none-any.whl which are vulnerable to CVE-2024-47081.
Summary IBM Maximo Application Suite - Monitor Component uses requests-2.32.2-py3-none-any.whl, requests-2.32.3-py3-none-any.whl which are vulnerable to CVE-2024-47081. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-47081...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933.
Summary IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-3933. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-3933 DESCRIPTION: A Regular Expression Deni...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976.
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service due to Apache Commons FileUpload and vulnerable to CVE-2025-48976. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service in glassfish jso np and vulnerable to CVE-2025-36097
Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which is affected by a denial of service in glassfish jso np and vulnerable to CVE-2025-36097. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795.
Summary IBM Maximo Application Suite - Monitor Component uses cxf-core-3.6.5.jar which is vulnerable to CVE-2025-48795. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses urllib3-2.2.2-py3-none-any.whl, urllib3-2.2.3-py3-none-any.whl, urllib3-2.4.0-py3-none-any.whl which is vulnerable to CVE-2025-50182, CVE-2025-50181.
Summary IBM Maximo Application Suite - Monitor Component uses urllib3-2.2.2-py3-none-any.whl, urllib3-2.2.3-py3-none-any.whl, urllib3-2.4.0-py3-none-any.whl which is vulnerable to CVE-2025-50182, CVE-2025-50181. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses commons-lang3-3.17.0.jar which is vulnerable to CVE-2025-48924.
Summary IBM Maximo Application Suite - Monitor Component uses commons-lang3-3.17.0.jar which is vulnerable to CVE-2025-48924. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerabilit...
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK ( CVE-2025-53066 & CVE-2025-53057 )
Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Improper Access Control and Exposure of Sensitive Information to an Unauthorized Actor due to IBM Java SDK. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related...
Security Bulletin: Due to the use of IBM SDK, IBM Sterling Partner Engagement Manager is vulnerable to a Remote Code Execution.
Summary IBM Sterling Partner Engagement Manager uses IBM SDK within the product. Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that...
Security Bulletin: Due to use of quartz-jobs, IBM Sterling Partner Engagement Manager is vulnerable to a code injection.
Summary IBM Sterling Partner Engagement Managaer uses quartz-jobs, within the product CVE-2025-4447. Vulnerability Details CVEID:CVE-2023-39017 DESCRIPTION: quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component...
Security Bulletin: IBM Jazz Reporting Service is affected by improper access control due to Apache Commons
Summary Apache Commons is used internally by IBM Jazz Reporting Service CVE-2025-48734 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers...
Security Bulletin: Due to use of Apache Jena SDB, IBM Jazz Reporting Service is affected by a JDBC Deserialisation attack.
Summary Apache Jena SDB is used internally by IBM Jazz Reporting Service CVE-2022-45136. Vulnerability Details CVEID:CVE-2022-45136 DESCRIPTION: Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the...
Security Bulletin: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820)
Summary Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services CVE-2025-22233, CVE-2024-38820. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase...
Security Bulletin: Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a Path Equivalence: 'file.name' (Internal Dot) vulnerability (CVE-2025-24813).
Summary Due to the use of Apache Tomcat, IBM ApplinX is vulnerable to a Path Equivalence: 'file.name' Internal Dot vulnerability CVE-2025-24813. Apache Tomcat has been updated within IBM ApplinX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2025-24813 DESCRIPTION: Path...
Security Bulletin: A vulnerability in IBM Semeru Runtime affects z/Transaction Processing Facility
Summary There is a vulnerability in IBM® Semeru Runtime Certified Edition 11 and IBM® Semeru Runtime Certified Edition 21 that are used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle...
Security Bulletin: Astronomer with IBM is vulnerable to denial of service due to the netty package (CVE-2025-55163)
Summary Netty is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to...
Security Bulletin: Astronomer with IBM is vulnerable to request smuggling due to the netty package (CVE-2025-58056)
Summary Netty is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In...
Security Bulletin: Astronomer with IBM is vulnerable to denial of service due to the netty package (CVE-2025-58057)
Summary Netty is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients...
Security Bulletin: Astronomer with IBM is vulnerable to unbounded memory allocation due to the axios package (CVE-2025-58754)
Summary Axios is used by Astronomer with IBM as part of the HTTP processing functionality. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL wi...
Security Bulletin: Astronomer with IBM is vulnerable to sensitive data leaks or malicious requests due to the Apache tika package (CVE-2025-54988)
Summary Apache tika is used by Astronomer with IBM as part of data parsing functionality. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML...
Security Bulletin: Astronomer with IBM is vulnerable to cross-site scripting due to the markdown-it package (CVE-2025-7969)
Summary Markdown-it is used by Astronomer with IBM as part of markdown parsing functionality. Vulnerability Details CVEID:CVE-2025-7969 DESCRIPTION: Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in markdown-it allows Cross-Site Scripting...
Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages
Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2007-2243 DESCRIPTION: OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user...
Security Bulletin: Astronomer with IBM is vulnerable to prototype pollution due to the fast-redact package (CVE-2025-57319)
Summary Fast-redact is used by Astronomer with IBM as part of object redaction functionality. Vulnerability Details CVEID:CVE-2025-57319 DESCRIPTION: fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of...
Security Bulletin: Astronomer with IBM is vulnerable to symlink validation bypass due to the tar-fs package (CVE-2025-59343)
Summary Tar-fs is used by Astronomer with IBM as part of tar file processing functionality. Vulnerability Details CVEID:CVE-2025-59343 DESCRIPTION: tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the...
Security Bulletin: Astronomer with IBM is vulnerable to object abuse due to Kubernetes (CVE-2025-5187)
Summary Kubernetes is used by Astronomer with IBM as part of service management functionality. Vulnerability Details CVEID:CVE-2025-5187 DESCRIPTION: A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node obje...
Security Bulletin: Astronomer with IBM is vulnerable to resource allocation abuse due to the pdfmake package (CVE-2025-11362)
Summary Pdfmake is used by Astronomer with IBM as part of document processing functionality. Vulnerability Details CVEID:CVE-2025-11362 DESCRIPTION: Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect...
Security Bulletin: Astronomer with IBM is vulnerable to cross-site scripting due to the jsondiffpatch package (CVE-2025-9910)
Summary Jsondiffpatch is used by Astronomer with IBM as part of JSON processing functionality. Vulnerability Details CVEID:CVE-2025-9910 DESCRIPTION: Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting XSS via HtmlFormatter::nodeBegin. An attacker can inject...
Security Bulletin: Astronomer with IBM is vulnerable to arbitrary writes due to the tmp package (CVE-2025-54798)
Summary Tmp is used by Astronomer with IBM as part of the file processing functionality. Vulnerability Details CVEID:CVE-2025-54798 DESCRIPTION: tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory wri...
Security Bulletin: Astronomer with IBM is vulnerable to network segmentation abuse due to the moby package (CVE-2025-54410)
Summary Moby is used by Astronomer with IBM as part of container management. Vulnerability Details CVEID:CVE-2025-54410 DESCRIPTION: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream...
Security Bulletin: Astronomer with IBM is vulnerable to session security compromise due to the CIRCL package (CVE-2025-8556)
Summary CIRCL is used by Astronomer with IBM as part of crytographic processing functionality. Vulnerability Details CVEID:CVE-2025-8556 DESCRIPTION: A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via...
Security Bulletin: Astronomer with IBM is vulnerable to server-side request forgery due to the node-ip package (CVE-2025-59436, CVE-2025-59437)
Summary Node-ip is used by Astronomer with IBM as part of IP address processing functionality. Vulnerability Details CVEID:CVE-2025-59436 DESCRIPTION: The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally...
Security Bulletin: Astronomer with IBM is vulnerable to improper input validation due to the sha.js package (CVE-2025-9288)
Summary Sha.js is used by Astronomer with IBM as part of the cryptographic processing functionality. Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. CWE:CWE-20:...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Cross-Site Scripting (XSS), specifically Mutation XSS (mXSS) due to dompurify
Summary dompurify is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-builder-ui Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Open Redirect / Server-Side Request Forgery (SSRF) bypass due to Python
Summary Python is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime-manager Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in net/http/internal CVE-2025-22871 Vulnerability Details CVEID:CVE-2025-22871 DESCRIPTION: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Server-Side Request Forgery (SSRF) due to ip
Summary ip is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime Vulnerability Details CVEID:CVE-2024-29415 DESCRIPTION: The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and...