35661 matches found
Security Bulletin: IBM WebSphere Application Server Liberty is affected by a denial of service vulnerability due to Eclipse Parsson (CVE-2026-9563)
Summary IBM WebSphere Application Server Liberty is affected by a denial of service with the jsonp-2.1 feature enabled. Vulnerability Details CVEID:CVE-2026-9563 DESCRIPTION: In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maxim...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an authorization bypass vulnerability (CVE-2026-11714)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty (bundled with IBM Enterprise Application Runtimes) are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by uncontrolled resource consumption and denial of service. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an authorization bypass vulnerability (CVE-2026-11714)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an authorization bypass vulnerability (CVE-2026-11714)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability (CVE-2026-11546)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes sectio...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability (CVE-2026-11546)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability (CVE-2026-11546)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a server-side request forgery vulnerability with the adminCenter-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an arbitrary file read vulnerability (CVE-2026-11806)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM watsonx.data integration is vulnerable to authorization bypass due to the Moby package (CVE-2026-33997, CVE-2026-34040)
Summary Moby is used by IBM watsonx.data integration as part of container processing. Vulnerability Details CVEID:CVE-2026-33997 DESCRIPTION: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM WebSphere Remote Server (CVE-2026-11712, CVE-2026-11595, CVE-2026-11708)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM watsonx.data integration is vulnerable to payload verification errors due to the go-git package (CVE-2026-45022)
Summary go-git is used by IBM watsonx.data integration as part of repository handling. Vulnerability Details CVEID:CVE-2026-45022 DESCRIPTION: go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way...
Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source software
Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2026-33814 DESCRIPTION: When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...
Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source software
Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-66506 DESCRIPTION: Fulcio is a free-to-use certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.3,...
Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway
Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-48779 DESCRIPTION: ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to but not including 5.2.5, from 6.0.0 up to 6.2.4,...
Security Bulletin: IBM WebSphere Application Server, bundled with IBM WebSphere Remote Server, is affected by a cross-site request forgery vulnerability (CVE-2026-8408)
Summary IBM WebSphere Application Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by uncontrolled resource consumption and denial of service. Vulnerability Details CVEID:CVE-2026-50645 DESCRIPTION: There is no restriction on the amount of attachment headers that a message can contain...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.1.0 Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version v10.0.8.10 Vulnerability Details CVEID:CVE-2026-33244 DESCRIPTION: React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...
Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, bundled with WebSphere Remote Server, are affected by a denial of service due to jose4j (CVE-2024-29371)
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...
Security Bulletin: IBM Storage Scale System: Vulnerability in Linux kernel crypto subsystem could allow local privilege escalation (CVE-2026-31431)
Summary IBM Storage Scale Systems is affected by a security vulnerability identified in the Linux kernel's cryptographic interface CVE-2026-31431 that could allow a local user with low privileges to escalate to root privileges. The vulnerability has a CVSS score of 7.8 High and requires local...
Security Bulletin: QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar App SDK has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-39892 DESCRIPTION:...
Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView
Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-50193 DESCRIPTION: jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data...
Security Bulletin: IBM WebSphere Application Server is affected by a cross-site request forgery vulnerability (CVE-2026-8408)
Summary IBM WebSphere Application Server is affected by a cross-site request forgery vulnerability when using the Administrative Console. Vulnerability Details CVEID:CVE-2026-8408 DESCRIPTION: IBM WebSphere Application Server is affected by a cross-site request forgery, caused by improper...
Security Bulletin: Vulnerabilities in log4j, IBM WebSphere Profile and IBM Semeru Java (CVE-2026-34477, CVE-2026-34480, CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268) affect PowerVM Novalink
Summary The log4j, IBM WebSphere Liberty Profile and IBM Semeru Java are used by PowerVM Novalink. PowerVM Novalink has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere...
Security Bulletin: IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895
Summary IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in...
Security Bulletin: IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480
Summary IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34479, CVE-2026-34480. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix...
Security Bulletin: IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34480
Summary IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478, CVE-2026-34480. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-681...
Security Bulletin: IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478
Summary IBM Maximo Scheduler Optimizer uses log4j-core-2.25.3.jar which is vulnerable to CVE-2026-34477, CVE-2026-34478. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in helpers
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in helpers. CVE-2025-27789 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in qs
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in qs. CVE-2026-8723 The vulenrabilty have been addressed. Vulnerability Details CVEID:CVE-2026-8723 DESCRIPTION: Summary qs.stringify throws TypeError when called with arrayFormat:...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid.
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to vulnerability in uuid. CVE-2026-41988 The vulnerability have been addressed. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected writes when external outp...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple cross-site scripting vulnerabilities
Summary The security issue described in CVE-2026-11594, CVE-2026-11707 and CVE-2026-11383 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed ...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server affected by a remote code execution vulnerability
Summary The security issue described in CVE-2026-11536 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling
Summary The security issue described in CVE-2026-11541 has been identified in the WebSphere Application Server and WebSphere Application Server Liberty included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by HTTP request smuggling and a denial of service
Summary The security issue described in CVE-2026-9071 as been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 2 of 2)
Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161...
Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (June 2026 - Part 1 of 2)
Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-50010 DESCRIPTION: Netty is a network application framework for...
Security Bulletin: Security vulnerabilities have been found in IBM Application Gateway
Summary Security vulnerabilities have been addressed in IBM Application Gateway Vulnerability Details CVEID:CVE-2026-40355 DESCRIPTION: In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism...
Security Bulletin: Vulnerable Version of Software in Use
Summary Prior versions include vulnerable version of openssl. Vulnerability Details CVEID:CVE-2026-31790 DESCRIPTION: Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact...
Security Bulletin: Vulnerable Version of Software in Use
Summary Prior versions include vulnerable version of openssl. Vulnerability Details CVEID:CVE-2026-28390 DESCRIPTION: Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that...
Security Bulletin: Multiple Vulnerabilities in pyasn1 bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include pyasn1 . It is susceptible to DoS, vulnerability CVE-2026-23490, CVE-2026-30922 Vulnerability Details CVEID:CVE-2026-23490 DESCRIPTION: pyasn1 is a generic ASN.1 library for Python. Prior ...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by multiple vulnerabilities (CVE-2026-8646, CVE-2026-9320, CVE-2026-9071)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by HTTP request smuggling and a denial of service. This affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1,...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Produc...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple cross-site scripting vulnerabilities (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by multiple cross-site scripting vulnerabilities in the administrative console. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by HTTP request smuggling (CVE-2026-11541)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are affected by remote code execution and HTTP request smuggling. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by HTTP request smuggling (CVE-2026-11541)
Summary IBM WebSphere Application Server and WebSphere Application Server Liberty, which are bundled with IBM Enterprise Application Runtimes, are affected by remote code execution and HTTP request smuggling. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: Multiple Vulnerabilities in urllib3 bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include urllib3. It is susceptible to SSRF, high CPU usage and massive memory allocation vulnerabilities CVE-2025-50181, CVE-2025-66418, CVE-2025-66471,CVE-2026-21441 Vulnerability Details...