35608 matches found
Security Bulletin: URI Handling Vulnerability Causes Unbounded Memory Allocation (DoS)
Summary Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory Buffer/Blob and return...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat( CVE-2025-55752,CVE-2025-55754 & CVE-2025-61795)
Summary IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-55752 DESCRIPTION: Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized...
Security Bulletin: Vulnerability in strongswan affects IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products
Summary A vulnerability in the strongswan IKEv1 implementation affects IBM Storage Virtualize products and could cause a confidentiality impact. CVE-2025-36118. Vulnerability Details CVEID:CVE-2025-36118 DESCRIPTION: IBM Storage Virtualize IKEv1 implementation allows remote attackers to obtain...
Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics
Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Local - IBM Planning Analytics Workspace version 2.1.15. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest fixpack Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability in the Jakarta Mail library. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)
Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability in the Jakarta Mail library. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...
Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability in the Jakarta Mail library. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability in the Jakarta Mail library with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details Refer to the securit...
Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub
Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.2.2 Vulnerability Details CVEID:CVE-2025-56200 DESCRIPTION: A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL function uses '://' as a delimiter to parse protocols, whi...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability in the Jakarta Mail library with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details Refer to the...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)
Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by an SMTP injection vulnerability in the Jakarta Mail library with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details Refer to the security...
Security Bulletin: The OWASP Java HTML Sanitizer Vulnerability Affects IBM Jazz Reporting Service.
Summary A vulnerability in the OWASP Java HTML Sanitizer, present in versions prior to 20211018.1, may result in incomplete enforcement of sanitization policies for specific HTML elements. This issue affects IBM® Jazz Reporting Service and has been addressed as documented in the Remediation secti...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses openjdk 17.0.14 and Python 3.11.11 which is vulnerable to CVEs listed in Summary.
Summary IBM Maximo Application Suite - Manage Component uses openjdk 17.0.14 which is vulnerable to CVE-2025-21587 ,CVE-2025-30698 , CVE-2025-2900 and Python 3.11.11 which is vulnerable to CVE-2025-4435,CVE- 2024-12718,CVE-2025-4330, CVE-2025-45. This bulletin contains information regarding the...
Security Bulletin: IBM Engineering Test Management is affected by a denial of service due to WebSphere Application Server traditional.
Summary IBM WebSphere Application Server shipped with IBM Engineering Test Management is affected by a denial of service vulnerability CVE-2025-36099. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: IBM® Engineering Lifecycle Management products affected by multiple vulnerabilities in IBM® SDK, Java™ Technology Edition (CVE-2025-53066, CVE-2025-53057)
Summary Multiple vulnerabilities within IBM SDK Java Technology affect IBM Engineering Lifecycle Management products. IBM Engineering Lifecycle Optimization - Engineering Insights, IBM Engineering Workflow Management, Jazz Foundation, IBM Engineering Test Management, Global Configuration...
Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics Advanced Certified Containers
Summary Multiple vulnerabilities were addressed in IBM Planning Analytics Advanced Certified Containers 3.1.2. Vulnerability Details CVEID:CVE-2025-23166 DESCRIPTION: The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a...
Security Bulletin: Due to the use of Protobuf Pure-Python backend, IBM Watson Discovery Cartridge is vulnerable to corruption by exceeding the Python recursion limit
Summary IBM Watson Discovery Cartridge uses Protobuf Pure-Python backend for gRPC communication between the Python IOCR service and the Scala/Java pipeline components Vulnerability Details CVEID:CVE-2025-4565 DESCRIPTION: Any project that uses Protobuf Pure-Python backend to parse untrusted...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to the netty package (CVE-2025-58057)
Summary Netty is used by DataStage on Cloud Pak for Data as part of the request processing functionality. Vulnerability Details CVEID:CVE-2025-58057 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-58754)
Summary IBM Security SOAR uses an older version of axios that may be identified and exploited. Updates for supported versions have been released which address this issue. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When...
Security Bulletin: IBM i is affected by Remote Code Execution, Deserialization of Untrusted Data, and Improper Access Controls vunlerabilities in IBM Java SDK and IBM Java Runtime [CVE-2025-50106, CVE-2025-30749, CVE-2025-30761, CVE-2025-30754]
Summary IBM SDK Java Technology Edition and IBM Runtime Environment Java used by IBM i to support the building and running of Java applications are vulnerable to remote code execution CVE-2025-50106, CVE-2025-30749 and deserialization of untrusted data by using APIs in the specific component...
Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM Enterprise Application Service for Java (CVE-2020-36732)
Summary IBM Enterprise Application Service for Java is affected by a vulnerability in WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a...
Security Bulletin: CVEs addressed in latest release of Cloudera Observability
Summary Common Vulnerabilities addressed by Cloudera Observability 3.6.2 Vulnerability Details CVEID:CVE-2021-20190 DESCRIPTION: A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this...
Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.
Summary TSSC/IMC addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-34397 DESCRIPTION: An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted...
Security Bulletin: Due to the use of Apache tomcat, IBM webMethods Integration is affected by some vulnerabilities
Summary Vulnerabilities due to Apache tomcat have been addressed in IBM webMethods Integration. Vulnerability Details CVEID:CVE-2025-55754 DESCRIPTION: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log...
Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2025-52999
Summary IBM Business Automation Workflow Case documentation in before 25.0.0 built upon a version of DITA, which packages a vulnerable copy of jackson-core. Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server and Websphere Application Server Liberty shipped with IBM Guardium Key Lifecycle Manager (GKLM)
Summary WebSphere Application Server and Websphere Application Server Liberty is shipped as a component of IBM Guardium Key Lifecycle Manager GKLM. Information about a security vulnerability affecting WebSphere Application Server and Websphere Application Server Liberty has been published in a...
Security Bulletin: Security vulnerability has been found in IBM Application Gateway
Summary Security vulnerability has been addressed in IBM Application Gateway. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple...
Security Bulletin: Due to use of Redhat Linux, IBM QRadar Network Packet Capture is vulnerable to a buffer overflow
Summary IBM QRadar Network Packet Capture is bundled with Redhat Linux 8.10. A buffer overflow vulnerability has been addressed CVE-2024-52533 Vulnerability Details CVEID:CVE-2024-52533 DESCRIPTION: gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer...
Security Bulletin: IBM Storage Insights is vulnerable to weakness related to Apache Commons Lang
Summary Vulnerabilities in Apache Commons Lang may affect IBM Storage Insights which could allow uncontrolled recursion. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...
Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to XML External Entity Injection (XXE)
Summary An XML External Entity Injection XXE vulnerability in InfoSphere Information Server Manager can potentially be used by an attacker to retrieve sensitive documents. Information Server Manager has a bulk import feature to help users import lists of Source Control Module SCM websites or user...
Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting (CVE-2025-36135)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the cross-site scripting vulnerability Vulnerability Details CVEID:CVE-2025-36135 DESCRIPTION: IBM Sterling B2B Integrator is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to emb...
Security Bulletin: IBM QRadar SIEM is affected by cross-site scripting (CVE-2025-36170, CVE-2025-36138)
Summary IBM QRadar SIEM is affected by cross-site scripting . IBM has addressed the issue in the latest update. Vulnerability Details CVEID:CVE-2025-36170 DESCRIPTION: IBM QRadar is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.5 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more...
Security Bulletin: Multiple vulnerabilities in IBM QRadar SIEM
Summary Multiple vulnerabilities were addressed in IBM QRadar SIEM version 7.5.0 UP14 IF01 Vulnerability Details CVEID:CVE-2025-38527 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak A race condition can occur in...
Security Bulletin: IBM InfoSphere Information Server is affected by an XML external entity injection (XXE) vulnerability (CVE-2025-12531)
Summary An XML external entity injection XXE vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-12531 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...
Security Bulletin: IBM QRadar SIEM protocol is affected by an Elevation of Privilege in the Azure SDK for Java.
Summary Azure SDK for Java may allow privilege escalation under certain conditions; IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2020-16971 DESCRIPTION: Azure SDK for Java Security Feature Bypass Vulnerability CVSS Source: NVD CVSS Base score: 9.1 CVSS...
Security Bulletin: IBM webMethods BPM is affected by multiple vulnerabilities
Summary Vulnerabilities due to Apache tomcat have been addressed in IBM webMethods BPM. Vulnerability Details CVEID:CVE-2025-52520 DESCRIPTION: For some unlikely configurations of multipart upload, an Integer Overflow vulnerability in Apache Tomcat could lead to a DoS via bypassing of size limits...
Security Bulletin: IBM QRadar SIEM is affected by improper storage of credentials in configuration files
Summary IBM QRadar SIEM is affected by improper storage of credentials in configuration files in source control. IBM has addressed the issue in the latest update. Vulnerability Details CVEID:CVE-2025-33119 DESCRIPTION: IBM QRadar SIEM stores user credentials in configuration files in source contr...
Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable due to IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service .
Summary IBM Tivoli Application Dependency Discovery Manager is exposed to multiple vulnerabilities because it uses IBM WebSphere Application Server Liberty which have multiple vulnerabilities CVE-2025-36000, CVE-2025-36047, CVE-2024-56339 Vulnerability Details CVEID:CVE-2025-36000 DESCRIPTION: IB...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component.
Summary Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component. Vulnerability Details CVEID:CVE-2022-42004 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial o...
Security Bulletin: Due to use of jetty-server IBM webMethods BPM is vulnerable to corrupted and/or inadvertent sharing of data between requests
Summary IBM webMethods BPM is using jetty-server which is affected by a known vulnerability CVE-2024-13009. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-13009 DESCRIPTION: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be...
Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant On Prem
Summary Multiple vulnerabilities were addressed in IBM watsonx Code Assistant On Prem V5.2.2 Vulnerability Details CVEID:CVE-2024-55459 DESCRIPTION: An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the getfile...
Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.308 Vulnerability Details CVEID:CVE-2025-32990 DESCRIPTION: A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic withi...
Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server and WebSphere Application Server Liberty and are affcted by affected by SMTP injection due to Jakarta Mail.
Summary The security issue described in CVE-2025-7962 has been identified in the WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to SMTP injection due to Jakarta Mail (CVE-2025-7962)
Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-setuptools python3-setuptools-wheel setuptools Vulnerability Details CVEID:CVE-2025-47273 DESCRIPTION: setuptools is a package that allows users to download, build, install, upgrade, and...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion nodejs nodejs-docs nodejs-full-i18n npm
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in brace-expansion nodejs nodejs-docs nodejs-full-i18n npm Vulnerability Details CVEID:CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1_x86_64.whl
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch-2.6.0-cp313-cp313-manylinux1x8664.whl Vulnerability Details CVEID:CVE-2025-2148 DESCRIPTION: A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this...