Lucene search
K

35608 matches found

IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/28 8:46 a.m.•25 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "serve-static-1.15.0.tgz, cookie-0.6.0.tgz, send-0.18.0.tgz, express-4.19.2.tgz, requests v2.25.1, idna v2.1" which are vulnerable to "CVE-2024-43800, CVE-2024-47764, CVE-2024-43799, CVE-2024-43796, CVE-2023-32681, CVE-2024-35195, CVE-2024-3651". This...

7.5CVSS6.1AI score0.02782EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/28 6:15 a.m.•9 views

Security Bulletin: Vulnerabilities in Apache Kafka Client affect BM Spectrum Control

Summary Apache Kafka Client is vulnerable to Server-Side Request Forgery , Remote Code Execution. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-27817 DESCRIPTION: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka...

8.8CVSS7AI score0.62368EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/28 6:13 a.m.•6 views

Security Bulletin: IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124

Summary IBM Maximo Application Suite uses IBM WebSphere Application Server Liberty 25.0.0.8 which is vulnerable to CVE-2025-36000, CVE-2020-36732 and CVE-2025-36124. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-36000...

7.5CVSS6.1AI score0.01075EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/28 6:2 a.m.•7 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect BM Spectrum Control

Summary IBM WebSphere Application Server Liberty is vulnerable to remote attacker to bypass security restrictions, DoS vulnerability. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-23184 DESCRIPTION: A potential denial of service vulnerability is present i...

7.5CVSS7AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/28 5:59 a.m.•7 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to Multer middleware of node.js (CVE-2025-48997).

Summary Multer is vulnerable to a denial of service attack. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and...

8.7CVSS6.6AI score0.00368EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/28 5:55 a.m.•4 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-58754)

Summary axios is vulnerable to Denial of Service attacks. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and...

7.5CVSS6.6AI score0.01099EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/28 5:52 a.m.•6 views

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to xmldom (CVE-2021-32796)

Summary Vulnerability in JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2021-32796 DESCRIPTION: xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and...

6.5CVSS6.5AI score0.01347EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/28 5:49 a.m.•8 views

Security Bulletin: IBM Spectrum Control is vulnerable to weakness related to Apache Commons FileUpload (CVE-2025-48976)

Summary Vulnerability in Apache Commons FileUpload allows denial of service may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. Thi...

7.5CVSS6.5AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/28 5:42 a.m.•7 views

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesses related to form-data (CVE-2025-7783)

Summary The form-data package is vulnerable to HTTP Parameter Pollution HPP. This vulnerability affects IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerabili...

9.4CVSS6.6AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/28 5:38 a.m.•10 views

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Spectrum Control

Summary Vulnerabilities in IBM® SDK, Java™ Technology Edition may affect IBM Spectrum Control which could allow a remote attacker to cause high confidentiality impact and high integrity impact. Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related...

8.1CVSS5.8AI score0.01058EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/27 1:15 p.m.•6 views

Security Bulletin: Vulnerabilities in Eclipse affect Tivoli Netcool/OMNIbus. (CVE-2024-13009, CVE-2024-47554)

Summary There are vulnerabilities in the MIB Manager application that is part of Tivoli Netcool/OMNIbus. Vulnerability Details CVEID:CVE-2024-13009 DESCRIPTION: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a reques...

7.2CVSS6.8AI score0.01249EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/27 1:5 p.m.•5 views

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus

Summary Vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus have been addressed. Vulnerability Details CVEID:CVE-2025-30761 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java...

5.9CVSS5.8AI score0.00551EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/27 12:9 p.m.•16 views

Security Bulletin: Multiple vulnerabilities in IBM Security QRadar EDR Software

Summary Multiple vulnerabilities were addressed in IBM Security QRadar EDR Software version 3.12.21 Vulnerability Details CVEID:CVE-2025-58369 DESCRIPTION: fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through...

7.5CVSS6.4AI score0.02164EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/27 12:1 p.m.•7 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no...

7.5CVSS6.3AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/27 11:47 a.m.•9 views

Security Bulletin: Multiple Vulnerabilities in IBM QRadar Deployment Intelligence app

Summary Multiple vulnerabilities were addressed in IBM QRadar Deployment Intelligence app 3.0.19 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...

9.4CVSS6.7AI score0.01735EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/27 11:46 a.m.•7 views

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect VMware Agent from IBM Tivoli Monitoring for Virtual Environments.

Summary IBM java SDK is used by VMware Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiality impact, no...

7.5CVSS6.3AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/27 1:32 a.m.•10 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with WebSphere Remote Server, are affected by SMTP injection due to Jakarta Mail

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and WebSphere Application Server Liberty has been published in a security bulletin...

7.5CVSS6.7AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 4:40 p.m.•7 views

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.18 LTS and 12.18.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

7.5CVSS5.2AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 4:38 p.m.•5 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2025-54121]

Summary Python module starlette is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin provides patch information to address the reported...

5.3CVSS6.6AI score0.0053EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 4:36 p.m.•5 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-64118]

Summary Node.js module tar is used by IBM App Connect Enterprise Certified Container for handling archives files and data. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in...

6.1CVSS6.3AI score0.00128EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 4:35 p.m.•4 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-48924]

Summary Apache Commons Lang is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service. This bulletin provides patch information to address the...

5.3CVSS6.4AI score0.02164EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 4:34 p.m.•7 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to URL validation bypass [CVE-2025-56200]

Summary node.js module validator is used by IBM App Connect Enterprise Certified Container for data validation. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to URL validation bypass. This bulletin provides patch...

6.1CVSS5.9AI score0.00302EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 4:32 p.m.•7 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and code injection [CVE-2025-57350]

Summary Node.js module csvtojson is used by IBM App Connect Enterprise Certified Container for processing CSV data. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntergrationServer operands are vulnerable to denial of service and code injection. This...

8.6CVSS6.5AI score0.00292EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 4:14 p.m.•6 views

Security Bulletin: Vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2025-7962)

Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about an SMTP injection vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

7.5CVSS6.8AI score0.00756EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 3:30 p.m.•7 views

Security Bulletin: Apache commons-fileupload CVE-2025-48976 security vulnerability in FileNet Content Manager (FNCM) component Administration Console for Content Platform Engine (ACCE)

Summary Apache commons-fileupload CVE-2025-48976 security vulnerability in FileNet Content Manager FNCM component Administration Console for Content Platform Engine ACCE Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits...

7.5CVSS6.6AI score0.64718EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 2:32 p.m.•5 views

Security Bulletin: On Windows, any local user can connect to the Informix Server as another user without requiring a password.

Summary Using DB-Access, any local user can connect as another user without needing a password. However, only the designated login user should be allowed to connect without a password. Vulnerability Details CVEID:CVE-2024-45675 DESCRIPTION: IBM Informix Dynamic Server could allow a local user on...

8.4CVSS6.2AI score0.00098EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 12:11 p.m.•5 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Uncontrolled Recursion due to Apache Commons Lang ( CVE-2025-48924 )

Summary IBM App Connect Enterprise runtime and IBM Integration Bus for z/OS are vulnerable to Uncontrolled Recursion due to Apache Commons Lang. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons...

5.3CVSS6.5AI score0.02164EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 12:5 p.m.•10 views

Security Bulletin: Vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products

Summary A vulnerability in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI and could cause a confidentiality impact. The Command Line Interface is unaffected. CVE-2025-30754. Vulnerability Details CVEID:CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle...

4.8CVSS5.5AI score0.00381EPSS
Exploits0Affected Software8
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 10:44 a.m.•6 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to IBM Semeru Runtime (CVE-2025-53057 & CVE-2025-53066))

Summary IBM App Connect Enterprise is vulnerable to Improper Access Control and Exposure of Sensitive Information to an Unauthorized Actor due to IBM Semeru Runtime. Vulnerability Details CVEID:CVE-2025-53057 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component...

7.5CVSS6.3AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 10:32 a.m.•13 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow a remote attacker to cause high confidentiali...

7.5CVSS6.4AI score0.00633EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 10:31 a.m.•13 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to different node modules (CVE-2025-57350,CVE-2025-56200 & CVE-2025-64118)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to csvtojson, node-tar packages and validator modules CVE-2025-57350,CVE-2025-56200 &...

8.6CVSS6.1AI score0.00302EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 10:31 a.m.•23 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2025-57353 DESCRIPTION: The Runtime components of messageformat package for Node.js before 3.0.2 contain a prototype pollution vulnerability. Due to insufficient...

7.5CVSS6.4AI score0.00633EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 10:31 a.m.•6 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and DesignerAuthoring operands are vulnerable to loss of integrity [CVE-2025-47907]

Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring operands are vulnerable to loss of integrity due to a vulnerability in the Golang module database/sql. This bulletin provides patch information to address the reported vulnerability in database/sql. CVE-2025-479...

7CVSS6.5AI score0.00331EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 10:19 a.m.•12 views

Security Bulletin: IBM Maximo Application Suite - Manage component uses softwares IBM WebSphere Liberty Server 25.0.0.2 and IBM DB2 version 11.5.9 which is vulnerable to CVE-2025-25193, CVE-2024-52894

Summary IBM Maximo Application Suite - Manage component uses softwares IBM WebSphere Liberty Server 25.0.0.2 and IBM DB2 version 11.5.9 which is vulnerable to CVE-2025-25193, CVE-2024-52894. This security bulletine contains details of affected and remediated versions of the same. Vulnerability...

5.5CVSS6.4AI score0.00357EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 10:7 a.m.•22 views

Security Bulletin: Vulnerabilities in multiple components affect IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in libssh, iputils, glib2, libtasn1 and gnutls components affect IBM Storage Virtualize products and could cause denial of service and confidentiality impacts. CVE-2025-47268 CVE-2025-4373 CVE-2024-12133 CVE-2025-48964 CVE-2024-12243. Vulnerability Details...

6.5CVSS6.9AI score0.01467EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 7:56 a.m.•8 views

Security Bulletin: There is a vulnerability in starlette-0.40.0-py3-none-any.whl used by IBM Maximo Visual Inspection application in IBM Maximo Application Suite ( CVE-2025-54121)

Summary There is a vulnerability in starlette-0.40.0-py3-none-any.whl used by IBM Maximo Visual Inspection application in IBM Maximo Application Suite CVE-2025-54121. This Bulletine contains the information regarding affected and remediation versions of the same. Vulnerability Details...

5.3CVSS6.6AI score0.0053EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 7:39 a.m.•12 views

Security Bulletin: Vulnerability in IBM DevOps Solution Workbench

Summary The following vulnerability was addressed in IBM DevOps Solution Workbench version 5.1. Vulnerability Details CVEID:CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent...

5.3CVSS6.3AI score0.05666EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/26 3:13 a.m.•10 views

Security Bulletin: IBM Operational Decision Manager for Oct 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-22233...

8.2CVSS8.2AI score0.64718EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/25 5:28 p.m.•8 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ Technology Edition shipped with IBM Tivoli Monitoring.

Summary Multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring ITM components. CVE-2025-53066 and CVE-2025-53057 Vulnerability Details CVEID:CVE-2025-53066 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP...

7.5CVSS6.4AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 8:12 p.m.•5 views

Security Bulletin: Terraform state versions can be created by users with specific permissions without sufficient write access

Summary Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or is auto-applied. This...

4.3CVSS6.5AI score0.00158EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 7:19 p.m.•8 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM® Db2® shipped with IBM WebSphere Remote Server

Summary IBM® Db2® is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM® Db2® have been published in a security bulletin Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

8.8CVSS6.5AI score0.00566EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 3:8 p.m.•6 views

Security Bulletin: IBM Informix updated to use the latest version of Netty to handle the Netty vulnerability.

Summary Netty version updated to 4.1.118.Final in Informix 12.10.xC16W2 and 4.1.121.Final in Informix 14.10.XC12. Vulnerability Details CVEID:CVE-2024-47535 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance...

5.5CVSS6.4AI score0.00408EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 12:56 p.m.•8 views

Security Bulletin: Multiple Security Vulnerabilities in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2023-32731 CVE-2023-32732)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerabilities Vulnerability Details CVEID:CVE-2023-32731 DESCRIPTION: When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK...

7.5CVSS6.6AI score0.00531EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 12:52 p.m.•7 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-36134)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability. Please apply the following upgrades to remediate the vulnerability. Vulnerability Details CVEID:CVE-2025-36134 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File...

7.5CVSS5.9AI score0.00261EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 12:47 p.m.•8 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-48795)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability. Please apply the remediated versions described below. Vulnerability Details CVEID:CVE-2025-48795 DESCRIPTION: Apache CXF stores large stream based messages as temporary files...

5.6CVSS6AI score0.00624EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 12:41 p.m.•7 views

Security Bulletin: Document Service Container of IBM Sterling B2B Integrator and IBM Sterling File Gateway is Vulnerable to Information Disclosure (CVE-2025-22227)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability. Please upgrade or patch your installation of these products accordingly. Vulnerability Details CVEID:CVE-2025-22227 DESCRIPTION: In some specific scenarios with chained...

6.1CVSS6.3AI score0.0034EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 12:2 p.m.•6 views

Security Bulletin: Multiple Vulnerabilities in IBM Decision Optimization for Cloud Pak for Data (CVE-2025-57350, CVE-2025-53057 and CVE-2025-53066)

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.3.0 Vulnerability Details CVEID:CVE-2025-57350 DESCRIPTION: The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype...

8.6CVSS6.2AI score0.00633EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 12:0 p.m.•6 views

Security Bulletin: Multiple Vulnerabilities in IBM Decision Optimization for Cloud Pak for Data (CVE-2025-6493, CVE-2025-55163 and CVE-2025-58754)

Summary Multiple Vulnerabilities were addressed in IBM Decision Optimization for Cloud Pak for Data version 5.2.2. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty i...

8.2CVSS6.6AI score0.01099EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 11:56 a.m.•8 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-36112)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability. Please apply the fixes available from IBM. Vulnerability Details CVEID:CVE-2025-36112 DESCRIPTION: IBM Sterling B2B Integrator and IBM Sterling File Gateway could reveal...

5.3CVSS6.1AI score0.00205EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
•added 2025/11/21 11:50 a.m.•5 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Improper Neutralization (CVE-2025-5878)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the improper neutralization vulnerability Vulnerability Details CVEID:CVE-2025-5878 DESCRIPTION: A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface...

7.5CVSS7AI score0.004EPSS
Exploits1Affected Software1
Total number of security vulnerabilities35608