35608 matches found
Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Netcool Impact
Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.0.37 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...
Security Bulletin: Vulnerability Werkzeug, Twisted-22.10.0-py3, requests-2.32.2-py3, commons-lang-2.6, commons-fileupload-1.5, urllib3-2.2.2, jetty-server-9.4.56.v20240826 affect IBM Cloud Object Storage Systems (Oct 2025)
Summary Vulnerability with Werkzeug CVE-2024-34069, CVE-2023-46136 ,CVE-2024-49767, CVE-2024-49766 Twisted-22.10.0-py3 CVE-2024-41810, CVE-2023-46137, CVE-2024-41671, requests-2.32.2-py3 CVE-2024-47081, urllib3-2.2.2 CVE-2025-50182,CVE-2025-501810 commons-lang-2.6CVE-2025-48924,...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in python3-pip-wheel urllib3 Vulnerability Details CVEID:CVE-2025-50181 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for al...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935.
Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Apache Commons (CVE-2025-48734)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-48734 of Improper Access Control in Apache Commons. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Spring boot and Spring Security
Summary IBM Sterling Control Center is affected by vulnerabilities in Spring boot and Spring Security CVE-2025-22235, CVE-2025-22228 and CVE-2024-38821 Vulnerability Details CVEID:CVE-2025-22235 DESCRIPTION: EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in IBM Java
Summary IBM Sterling Control Center is affected by vulnerabilities in IBM Java CVE-2025-21587, CVE-2025-30698, CVE-2025-2900 and CVE-2025-4447 Vulnerability Details CVEID:CVE-2025-21587 DESCRIPTION: An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote...
Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in spring-security-core-6.4.5.jar (CVE-2025-41232)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41232 in spring-security-core-6.4.5.jar. Vulnerability Details CVEID:CVE-2025-41232 DESCRIPTION: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an...
Security Bulletin: IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA (CVE-2025-36361)
Summary IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA. Vulnerability Details CVEID:CVE-2025-36361 DESCRIPTION: IBM App Connect Enterprise could allow an authenticated user to perform unauthorized actions on customer defined resources...
Security Bulletin: Improper Access Control vulnerability in Apache Commons BeanUtils library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48734)
Summary Apache Commons BeanUtils library is used by Tivoli Netcool/OMNIbus WebGUI as part of Filter builder, View builder and Tool admin component. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was...
Security Bulletin: Uncontrolled Recursion vulnerability in Apache Commons Lang library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48924)
Summary Apache Commons Lang library is used by Tivoli Netcool/OMNIbus WebGUI as part of Filter builder, View builder, Tool admin, Menu admin and Event Viewer Preferences component. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang...
Security Bulletin: DoS vulnerability in Apache Commons FileUpload library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48976)
Summary Apache Commons FileUpload library is used by Tivoli Netcool/OMNIbus WebGUI as part of Map Resources admin component. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...
Security Bulletin: Multiple vulnerabilities in IBM DataPower Gateway (OS kernel)
Summary Multiple vulnerabilities were addressed in IBM DataPower Gateway version 10.5.0.19 and 10.6.0.7 Vulnerability Details CVEID:CVE-2024-50154 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai La...
Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Java runtime
Summary Java Runtime is bundled with IBM DataPower Gateway, and used by some bundled components. CVE-2025-50059, CVE-2025-30754 Vulnerability Details CVEID:CVE-2025-50059 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle...
Security Bulletin: Due to the use of Redis, IBM DataPower Gateway is vulnerable to a denial of service
Summary Redis is used in the API Gateway component, and for load balancing. CVE-2025-32023, CVE-2025-48367 Vulnerability Details CVEID:CVE-2025-32023 DESCRIPTION: Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticat...
Security Bulletin: vulerability in IBM Spectrum Symphony with Nimbus JOSE + JWT
Summary vulerability in IBM Spectrum Symphony with Nimbus JOSE + JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in...
Security Bulletin: vulerability in IBM Spectrum Symphony with Apache Commons FileUpload
Summary vulerability in IBM Spectrum Symphony with Apache Commons FileUpload Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...
Security Bulletin: vulerability in IBM Spectrum Symphony with jackson-core
Summary vulerability in IBM Spectrum Symphony with jackson-core Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an...
Security Bulletin: vulerability in IBM Spectrum Symphony with Apache Commons
Summary vulerability in IBM Spectrum Symphony with Apache Commons Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declare...
Security Bulletin: vulerability in IBM Spectrum Symphony with spring security
Summary vulerability in IBM Spectrum Symphony with spring security Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...
Security Bulletin: vulerability in IBM Spectrum Symphony with spring webmvc
Summary vulerability in IBM Spectrum Symphony with spring webmvc Vulnerability Details CVEID:CVE-2024-38819 DESCRIPTION: Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HT...
Security Bulletin: vulerability in IBM Spectrum Symphony with okhttp component
Summary vulerability in IBM Spectrum Symphony with okhttp component Vulnerability Details CVEID:CVE-2023-0833 DESCRIPTION: A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing...
Security Bulletin: multiple vulnerabilities in IBM Spectrum Symphony with Requests and urlib3
Summary Multiple vulnerabilities in IBM Spectrum Symphony with Requests and urlib3, which have now been addressed. Vulnerability Details CVEID:CVE-2025-50182 DESCRIPTION: urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not...
Security Bulletin: multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java TLS API
Summary multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java TLS API Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature...
Security Bulletin: vulerability in IBM Spectrum Symphony with Elasticsearch
Summary vulerability in IBM Spectrum Symphony with Elasticsearch Vulnerability Details CVEID:CVE-2024-23450 DESCRIPTION: A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. CWE:CWE-400:...
Security Bulletin: vulerability in IBM Spectrum Symphony with Express.js
Summary vulerability in IBM Spectrum Symphony with Express.js Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect...
Security Bulletin: multiple vulerability in IBM Spectrum Symphony with Node.js
Summary multiple vulerability in IBM Spectrum Symphony with Node.js Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling...
Security Bulletin: multiple vulerability in IBM Spectrum Symphony with IBM JRE
Summary multiple vulerability in IBM Spectrum Symphony with IBM JRE Vulnerability Details CVEID:CVE-2024-21147 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentiality, high integrity impacts. CWE:CWE-200: Exposur...
Security Bulletin: multiple vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty
Summary multiple vulerability in IBM Spectrum Symphony with IBM WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2023-50312 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections...
Security Bulletin: multiple vulerability in IBM Spectrum Symphony with ISC BIND
Summary multiple vulerability in IBM Spectrum Symphony with ISC BIND Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queri...
Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library
Summary A bypass vulnerability where, despite CVE-2024-38820 ensuring Locale-independent lowercase conversion for disallowedFields patterns and request parameter names, there are still cases where it is possible to bypass the disallowedFields checks . Vulnerability Details CVEID:CVE-2025-22233...
Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library
Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. A vulnerability where the fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive, but String.toLowerCase has Locale-dependent exceptions that could potentially result in...
Security Bulletin: IBM MQ is affected by a denial of service vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-48976)
Summary IBM WebSphere Application Server Liberty is used by IBM MQ as part of the IBM MQ Console and IBM MQ REST API functionality CVE-2025-48976 Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS...
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2025-48976)
Summary IBM MQ appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons...
Security Bulletin: IBM MQ Appliance is affected by open source vulnerabilities (CVE-2025-8058 and CVE-2025-7425)
Summary IBM MQ Appliance has addressed open source vulnerabilities. Vulnerability Details CVEID:CVE-2025-8058 DESCRIPTION: The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc...
Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-36047)
Summary A denial of service vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality CVE-2025-36047 Vulnerability Details CVEID:CVE-2025-36047 DESCRIPTION: IBM WebSphere Application Server...
Security Bulletin: IBM MQ is affected by a vulnerability in IBM WebSphere Application Server Liberty (CVE-2025-36732)
Summary A denial of service vulnerability was identified in IBM WebSphere Application Server Liberty, which IBM MQ ships and uses to supply IBM MQ Console and IBM MQ REST API functionality CVE-2025-36732 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 fo...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to possible memory corruption due to the Linux kernel network scheduler (CVE-2025-37914)
Summary The Linux kernel network scheduler is used by DataStage on Cloud Pak for Data as part of network processing functionality. Vulnerability Details CVEID:CVE-2025-37914 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: netsched: ets: Fix double list add in clas...
Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes a component with known vulnerabilities (CVE-2025-29927 & CVE-2025-48068)
Summary The product includes a vulnerable component e.g., framework library that may be identified and exploited with automated tools. IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-29927 DESCRIPTION:...
Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library
Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. The vulnerability involves case-sensitive patterns for disallowedFields on a DataBinder, meaning a field is not effectively protected unless it is listed with both upper and lower case for the first...
Security Bulletin: IBM Content Navigator consumes vulnerable spring framework library
Summary Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions. The vulnerability involves another data bypass issue relaed to data binding field protection Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowerca...
Security Bulletin: A Prototype Pollution vulnerability in jquery.dataTables affects IBM Tivoli Network Manager IP Edition (ITNM) (CVE-2020-28458)
Summary A Prototype Pollution vulnerability in jquery.dataTables was addressed in ITNM version 4.2 Fix Pack 23 4.2.0.23 Vulnerability Details CVEID:CVE-2020-28458 DESCRIPTION: All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for...
Security Bulletin: IBM webMethods Integration Sever is affected by server-side request forgery (SSRF)
Summary IBM webMethods Integration Sever is affected by server-side request forgery SSRF. CVE-2025-36037 Vulnerability Details CVEID:CVE-2025-36037 DESCRIPTION: IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send...
Security Bulletin: Multiple vulnerabilities in IBM Aspera High-Speed Transfer Server, IBM Aspera High-Speed Transfer Endpoint and IBM Aspera Desktop Client.
Summary Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Server v4.4.7, IBM Aspera High-Speed Transfer Endpoint v4.4.7 and IBM Aspera Desktop Client v4.4.7. Vulnerability Details CVEID:CVE-2025-46818 DESCRIPTION: Redis is an open source, in-memory database that persists o...
Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector
Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 6.4.0 Vulnerability Details CVEID:CVE-2019-19135 DESCRIPTION: In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in jose-4.15.9.tgz Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not me...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in sha.js-2.4.11.tgz CVE-2025-9288
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in sha.js-2.4.11.tgz CVE-2025-9288 Vulnerability Details CVEID:CVE-2025-9288 DESCRIPTION: Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js:...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in on-headers-1.0.2.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in on-headers-1.0.2.tgz Vulnerability Details CVEID:CVE-2025-7339 DESCRIPTION: on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz Vulnerability Details CVEID:CVE-2025-6547 DESCRIPTION: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2:...